Abstract

The modal logic S4 can be used via a Curry-Howard style correspondence to obtain a λ-calculus. Modal (boxed) types are intuitively interpreted as 'closed syntax of the calculus'. This λ-calculus is called modal type theory — this is the basic case of a more general contextual modal type theory or CMTT.

CMTT has never been given a denotational semantics in which modal types are given denotation as closed syntax. We show how this can indeed be done, with a twist. We also use the denotation to prove some properties of the system.
1. Introduction

The box modality □ from modal logic has proven its usefulness in logic. It admits various logical and semantic interpretations in the spirit of 'we know that' or 'we can prove that' or 'in the future it will be the case that'. A nice historical overview of modal logic, which also considers the specific impact of computer science, is in [BdRV01, Subsection 1.7].

CMTT (contextual modal type theory) is a typed λ-calculus based via the Curry-Howard correspondence on the modal logic S4. The box modality becomes a type-former, and box types □A are intuitively interpreted as 'closed syntax of A'.

So CMTT has types for programs that generate CMTT syntax. 

Because of this, CMTT has been applied to meta-programming, but it has independent interest as a language, designed according to rigorous mathematical principles and in harmony with modal logic, which interprets □ in a programming rather than a logical context. Box types are types of the syntax of terms.
Until now this has not been backed up by a denotational semantics in which box types
really are populated by the syntax of terms. In this paper, we do that: our intuitions are 
realised in the denotational semantics in a direct and natural, and also unexpected, manner. 

The denotation is interesting from the point of view of the interface between logic and programming. Furthermore, we exploit the denotation to prove properties of the language, showing how denotations are not only illuminating but can also serve for new proof-methods.

1.1. Keeping it simple 

This paper considers two related systems: 

• The purely modal system, based on box types like □A.

• The contextual modal system, based on 'boxes containing types' like [Ai, ^J-B — the 
reader might like to think of the contextual system as a multimodal logic [GKWZ03, 
Subsection 1.4] (whose modalities are themselves indexed over propositions). 

Broadly speaking, the purely modal system is nicer to study but a little too simple. The 
contextual modal system generalises the purely modal system and gives it slightly more 
expressive power, but it can be a little complicated; not obscure, just long to write out. 

Therefore, we open this paper with the modal system, make the main point of our denotation in the simplest and clearest possible manner — the reader who wants to jump right in and work backwards could do worse than start with the example denotations in Subsection 3.3.2 onwards — and then we consider the contextual system as the maths becomes more advanced. Section 2 presents syntax and typing of the modal system and Section 5 does the same for the contextual modal system; Section 3 gives modal denotations and Section 6 gives contextual modal denotations.

The developments are parallel, but not identical. Where proofs are not very different between the modal and contextual systems, we omit routine repetition. We consider reduction of the modal system in Section 4 but not reduction of the contextual system. Also, we develop the important notion of shapeliness only for the contextual system in Section 7; it is obvious how the modal case would be a special case.

1.2. Key ideas 

Our main technical results are Theorems 3.14 and 6.10, and Corollary 7.7. 

However, just looking at these results may be misleading; the key technical ideas that make these results work, and indeed contribute to making them interesting, occur beforehand.

So it might be useful to list some of the key ideas in the paper. This list is not an exhaustive technical overview, so much as clues for the reader who wants to gain some quick insight and navigate the mathematics. Here are some of the main points that make the mathematics in this paper different and distinctive:

• Inflation in the case of ⟦□A⟧ in Figure 3, and the 'tail' of the semantics of X@ in Figure 4. This is discussed in Remark 3.5.

• Proposition 2.23 and the fact that it is needed for soundness of the denotation. 

• The remarkable Proposition 3.13, in which valuations get turned into substitutions and 
closed syntax in the denotation interacts directly with the typing system. This is a kind 
of dual to the interaction seen in Proposition 2.23. 
• The denotation of ⟦[Ψ]A⟧ in Figure 8, which in the context of the rest of the paper is very natural.

• The notion of shapeliness in Definition 7.1 and the 'soundness result' Proposition 7.6. 
We discuss all of these in the body of the paper. 

1.3. On intuitions 

1.3.1. 'Syntax' means syntax

One early difficulty the authors of this paper faced was in communication, because we 
sometimes used terms synonymously without realising that the words were so slippery. 

The intuition we give to □A is self-reflectively closed syntax of the language itself. This is a distinct intuition from 'computations', 'code', 'values', or 'intensions', because these are not necessarily intended self-reflectively.

It is very important not to confuse this intuition with apparently similar intuitions ex- 
pressed as 'code of A', 'values of A', 'computations of A', or 'intension of A'. These are not 
quite the same thing. It may be useful to briefly survey them here: 

• 'Code of A' is an ambiguous term; this is often understood as precompiled code or 
bytecode, rather than syntax of the original language. See [WLP98] for a system based 
on that intuition. 

• 'Values of A' is a dangerous intuition and there probably should be a law against it: depending on whom one is speaking with, this could be synonymous in their mind with 'normal forms of A' (a syntactic notion) or 'denotations of A' (a non-syntactic notion).

Matters become even worse if one's interlocutor assumes that denotations may be silently added to syntax as constants (fine for mathematicians; not so fine for programmers). More than one conversation has been corrupted by the associated misunderstandings.

• For a discussion of 'computation of A' see the Related Work in the Conclusions, where 
we discuss how this intuition can lead to a notion of Moggi-style monad. 

• 'Intension of A' is similar to 'syntax of A', but significantly more general: there is no requirement that the intension be syntactic, or if it is syntactic, that it be the same calculus. One could argue that 'intension of A' should also satisfy that the denotation of □□A be identical in some strong sense — e.g. be the same set as — to that of □A, since taking an intension twice should reveal no further internal structure. (This does not match the denotation of this paper.)

An interesting (and as far as we know unexplored) model of this intuition might be partial equivalence relations (PERs), where □A takes A and forms the identity PER which is defined where A is defined.¹ Famously, PERs form a cartesian-closed category [AL91, Subsection 3.4.1].

In short: where the reader sees '□A', they should think 'raw syntax in type A'.



1 Alex Simpson and Paul Levy both independently suggested PERs when the first author sketched the ideas of this paper, and Simpson went further and suggested the specific model discussed above. We are grateful to Levy and Simpson for their comments, which prompted us to be specific about the intuition behind the particular denotation in this paper.
1.3.2. 'Functions' means functions

It may be useful now to head off another possible confusion: where the reader sees A→B, they should think 'graph of a function' — not 'computable function', 'representable function', 'syntax of a function', or 'code of a function'.

All of these things are also possible, but in this paper our challenge is to create a type system, language, and denotation which are 'epsilon away' from the simply-typed λ-calculus or (since we admit a type of truth-values) higher-order logic — and it just so happens that we also have modal types making precisely its own syntax into first-class data.

So: we are considering a 'foundations-flavoured' theory in which A→B represents all possible functions (in whatever foundation the reader prefers) from A to B, and we do not intend this paper to be 'programming-flavoured' in which A→B represents only that function(-code) or normal forms that can exist inside some computational device. And, □A should represent, as much as possible, 'the syntax of our language/logic that types as A'.

2. Syntax and typing of the system with box types 

We start by presenting the types, terms, and typing relation for the modal type system. 
This is the simplest version of the language that we want to give a denotational semantics 
for. 

2.1. The basic syntax 

Definition 2.1. Fix two countably infinite sets of variables A and X. We will observe a permutative convention that a, b, c, ... will range over distinct variables in A and X, Y, Z, ... will range over distinct variables in X. We call a, b, c atoms and X, Y, Z unknowns.

Definition 2.2. Define types inductively by:

A ::= o | N | A→A | □A



Notation 2.3. By convention, if X and Y are sets we will write Y^X for the set of functions from X to Y. This is to avoid any possible confusion between A→B (which is a type) and Y^X (which is a set).

Remark 2.4. • o will be a type of truth values; its denotation will be populated by truth-values {⊥, ⊤}.

• N will be a type of natural numbers; its denotation will be populated by numbers {0, 1, 2, ...}.

• A→B is a function type; its denotation will be populated by functions.

• □A is a modal type; its denotation will be populated by syntax.

Definition 2.5. Fix a set of constants C to each of which is assigned a type type(C). We write C : A as shorthand for 'C is a constant and type(C) = A'. We insist that constants include the following:

⊥ : o      ⊤ : o      isapp_A : (□A)→o

We may also assume constants for N, such as 0 : N, succ : N→N, * : N→N→N and + : N→N→N, a fixedpoint combinator, we may write 1 for succ(0), and so on.²



2 ... so we follow the example of PCF [Mit96].
We may omit type subscripts where they are clear from context or do not matter.
Definition 2.6. Define terms inductively by:

r ::= C | a | X@ | λa:A.r | rr | □r | let X=r in r



Constants C are, as standard in the λ-calculus, added as desired to represent logic and computational primitives. An atom a plays the role of a standard λ-calculus variable; it is λ-abstracted in a typed manner in λa:A.r. The term X@ means intuitively 'evaluate X' and □r means intuitively 'the syntax r considered itself in the denotation'. Finally let X=s in r means intuitively 'set X to be the syntax calculated by s, in r'. Examples of this in action are given and discussed in Subsection 2.3.

Remark 2.7. The effect of r@ (which is not syntax) is obtained by let X=r in X@. Likewise the effect of λX:□A.r (which is not syntax) is obtained by λa:□A.let X=a in r.

We cannot emulate let X=s in X@ using (λa:A.a@)r. The expression 'a@' would mean 'evaluate the syntax a' rather than 'evaluate the syntax linked to a'.³

Definition 2.8. Define free atoms fa(r) and free unknowns fu(r) by:

fa(C) = ∅                              fu(C) = ∅
fa(a) = {a}                            fu(a) = ∅
fa(λa:A.r) = fa(r) \ {a}               fu(λa:A.s) = fu(s)
fa(rs) = fa(r) ∪ fa(s)                 fu(rs) = fu(r) ∪ fu(s)
fa(□r) = fa(r)                         fu(□r) = fu(r)
fa(let X=s in r) = fa(r) ∪ fa(s)       fu(let X=s in r) = (fu(r) \ {X}) ∪ fu(s)
fa(X@) = ∅                             fu(X@) = {X}

If fa(r) ∪ fu(r) = ∅ then we call r closed.

Definition 2.9. We take a to be bound in r in λa:A.r and X to be bound in r in let X=s in r, and we take syntax up to α-equivalence as usual. We omit definitions but give examples:

• λa:A.a = λb:A.b.

• λa:A.(X@a) = λb:A.(X@b).

• let X=□a in X@b = let Y=□a in Y@b.

As the use of an equality symbol above suggests, we identify terms up to α-equivalence.⁴



3 In addition even if a@ were syntax, it would not type in the typing system of Figure 1, because fa(a@) would be equal to {a} ≠ ∅ (Definition 2.8). Modal types are inhabited by closed syntax (Definition 2.8).

4 Using nominal abstract syntax [GP01] this identification can be made consistent with the use of names for bound atoms and the inductive definition in Definition 2.6. However, studying how best to define syntax is not the emphasis of this paper.
(Hyp)  Γ, a:A ⊢ a : A                       (Const)  Γ ⊢ C : type(C)

(→I)   Γ, a:A ⊢ r : B                       (→E)  Γ ⊢ r' : A→B    Γ ⊢ r : A
       -------------------------                  ----------------------------
       Γ ⊢ (λa:A.r) : A→B                         Γ ⊢ r'r : B

(□I)   Γ ⊢ r : A   (fa(r) = ∅)              (□E)  Γ ⊢ s : □A    Γ, X:□A ⊢ r : B
       -------------------------                  ----------------------------
       Γ ⊢ □r : □A                                Γ ⊢ let X=s in r : B

(Ext)  Γ, X:□A ⊢ X@ : A

Figure 1: Modal type theory typing rules

2.2. Typing 

Definition 2.10. • A typing is a pair a : A or X : □A.

• A typing context Γ is a finite partial function from A ∪ X to types.

• A typing sequent is a tuple Γ ⊢ r : A of a typing context, a term, and a type.

We use list notation for typing contexts, e.g. a:A, Y:B is the function mapping a to A and Y to B; and a:A ∈ Γ means that Γ(a) is defined and Γ(a) = A.



Define the valid typing sequents of the modal type system inductively by the rules in 
Figure 1. 



We discuss examples of typable terms in Subsection 2.3. The important rule is (□I), which tells us that if we have some syntax r and it has no free atoms, then we can box it as a denotation □r of box type — any free unknowns X in r/□r get linked to further boxed syntax, which is expressed by (□E).

Notation 2.11. We may write ⊢ r : A just as r : A.

Notation 2.12. If Γ is a typing context and U ⊆ A ∪ X then write Γ|_U for Γ restricted to U. This is the partial function which is equal to Γ where it is defined, and dom(Γ|_U) = dom(Γ) ∩ U.

Proposition 2.13 combines Weakening and Strengthening: 

Proposition 2.13. If Γ ⊢ r : A and Γ'|_{fu(r)∪fa(r)} = Γ|_{fu(r)∪fa(r)} then Γ' ⊢ r : A.

Proof. By a routine induction on r. □ 

2.3. Examples of terms typable in the modal system 

We are now ready to discuss intuitions about this syntax; for a more formal treatment see 
Section 3 which develops the denotational semantics. We start with some short examples 
and then consider more complex terms. 
2.3.1. Short examples

1. Assume constants ¬ : o→o and ∧ : o→o→o, where ∧ is written infix as usual. Then we can type

   ⊢ λa:□o.let X=a in □(¬X@) : □o→□o.

   ⊢ λa:□o.λb:□o.let X=a in let Y=b in □(X@ ∧ Y@) : □o→□o→□o.

   ⊢ λa:□o.let X=a in □(X@ ∧ X@) : □o→□o.

Intuitively these represent the syntax transformations P ↦ ¬P, P,Q ↦ P ∧ Q, and P ↦ P ∧ P.

2. This program takes syntax of type A and evaluates it:

   ⊢ λa:□A.let X=a in X@ : □A→A

This corresponds to the modal logic axiom (T).

3. Expanding on the previous example, this program takes syntax for a function and an argument, evaluates the syntax and applies the function to the argument:

   ⊢ λa:□(A→B).λb:A.(let X=a in X@)b : □(A→B)→(A→B)

4. This program takes syntax of type A tagged with □, and adds an extra □ so that it becomes syntax of type □A:

   ⊢ λa:□A.let X=a in □□X@ : □A→□□A

This corresponds to the modal logic axiom (4).

2.3.2. There is no natural term of type A→□A

We can try to give λa:A.□a the type A→□A, but we fail because, in the typing context a:A, the boxed term a does not satisfy the side-condition fa(a) = ∅ of (□I).

Our denotation of Figures 3 and 4 illustrates that it is not in general possible to invert the evaluation map from Subsection 2.3.1 and thus map A to □A. This is Corollary 3.15.⁵ So

• there is a canonical map □A→A (syntax to denotation) — we saw this map in part 1 of this example — but

• not in general an inverse map A→□A (denotation to syntax).

2.3.3. A term for Axiom K

Axiom K, also called the normality axiom [BdRV01, Definition 1.39, Subsection 1.6]; its type is □(A→B)→□A→□B.

We can write a term of this type. Intuitively, the term below takes syntax for a function and syntax for an argument, and produces syntax for the function applied to the argument:

⊢ λa:□(A→B).λb:□A.let Y=b in let X=a in □(X@ Y@) : □(A→B)→□A→□B

Remark 2.14. We exhibited terms of type □A→A, □A→□□A, and □(A→B)→□A→□B, so Figure 1 implements (at least) the deductive power of an intuitionistic variant of S4 [BdRV01, Subsection 4.1, page 194].⁶



5 For sufficiently 'small' types this may be possible by specific constructions; see Example 3.16.

6 The list of axioms of [BdRV01, page 194] uses instead of □.

A most remarkable family of theorems of Kripke semantics for modal logic relates geometric properties of the Kripke frame's accessibility relation with logical properties of the modalities. Axiom (K) is satisfied by all frames. Axiom (T) expresses geometrically that accessibility is reflexive. Axiom (4) expresses that accessibility is transitive.
The reader familiar with category theory may also ask whether □ can be viewed as a comonad, since □A→A and □A→□□A look like the types of a counit and comultiplication (and perhaps □(A→B)→□A→□B looks like the action of a functor). We return to this in Section 8.

2.3.4. The example of exponentiation

This is a classic example of meta-programming: write a function that takes a number n and returns syntax for the function x ∈ N ↦ x^n.

Assuming a combinator for primitive recursion over natural numbers and using some standard sugar, the following term implements exponentiation:

exp 0 = □(λb:N.1)
exp (succ(n)) = let X=exp n in □(λb:N.b * (X@ b)).

However, the term above generates β-reducts. The reader can see this because of the '□λb:N.b * (X@ b)' above. This application X@ b is trapped under a □ and will not reduce. Looking ahead to the reduction relation in Figure 5, exp 2 reduces to

□(λb:N.b * ((λb:N.b * ((λb:N.1) b)) b))   and not to   □(λb:N.(b * b * 1)).

Looking ahead to the denotation of Figure 4, the denotation of exp 2 will likewise be □(λb:N.b * ((λb:N.b * ((λb:N.1) b)) b)) in a suitable sense. We indicate the calculation in Subsection 3.3.4. The contextual system of Section 5 deals with this particular issue; see Subsection 6.2.2.

2.4. Substitution 

Definition 2.15. An (atoms-)substitution σ is a finite partial function from atoms A to terms. σ will range over atoms-substitutions.

Write dom(σ) for the set {a | σ(a) defined}.

Write id for the identity substitution, such that dom(id) = ∅.

Write [a:=t] for the map taking a to t and undefined elsewhere.

An (unknowns-)substitution θ is a finite partial function from unknowns X to terms such that for every X, if X ∈ dom(θ) then θ(X) = □r for some r with fa(r) = ∅. θ will range over unknowns-substitutions. We write dom(θ), id, and [X:=t] just as for atoms-substitutions.

Definition 2.16. Define

fa(σ) = dom(σ) ∪ ⋃{fa(σ(a)) | a ∈ dom(σ)} and
fu(θ) = dom(θ) ∪ ⋃{fu(θ(X)) | X ∈ dom(θ)}.

Remark 2.17. Where θ is defined, it maps X specifically to terms of the form □r with fa(r) = ∅.

This is because '□r with fa(r) = ∅' is the syntax inhabiting modal types. If we consider another class of syntax (e.g. in the contextual system of Section 5 onwards), then the corresponding notion of unknowns-substitution changes in concert with that.

Definition 2.18 describes how atoms and unknowns get instantiated. We discuss it in Remark 2.20 but one point is important above all others: if θ(X) = □s' then X@θ is equal to s'. So a very simple reduction/computation is 'built in' to the substitution action for unknowns, that (□s')@ → s'.⁷



7 (□s')@ is not actually syntax, but if it were, then (□s')@ → s' would be its reduction.
Cσ = C
aσ = σ(a)                          (a ∈ dom(σ))
aσ = a                             (a ∉ dom(σ))
(rs)σ = (rσ)(sσ)
(□r)σ = □(rσ)
(λc:A.r)σ = λc:A.(rσ)              (c ∉ fa(σ))
X@σ = X@
(let Y=s in r)σ = let Y=sσ in rσ

Cθ = C
aθ = a
(rs)θ = (rθ)(sθ)
X@θ = s'                           (θ(X) = □s')
X@θ = X@                           (X ∉ dom(θ))
(□r)θ = □(rθ)
(λc:A.r)θ = λc:A.(rθ)
(let Y=s in r)θ = let Y=sθ in rθ   (Y ∉ fu(θ))

Figure 2: Substitution actions for atoms and unknowns



Definition 2.18. Define atoms and unknowns substitution actions rσ and rθ inductively by the rules in Figure 2.

Lemma 2.19 illustrates a nice corollary of the point discussed in Remark 2.17. It will be useful later in Proposition 3.13.

Lemma 2.19. fa(rθ) = fa(r).

Proof. By a routine induction on r using our assumption of Definition 2.15 that if X ∈ dom(θ) then fa(θ(X)) = ∅. □

Remark 2.20. A few comments on Definition 2.18:

• The two capture avoidance side-conditions c ∉ fa(σ) and Y ∉ fu(θ) can always be guaranteed by renaming.

• We write (□r)σ = □(rσ). This is computationally wasteful in the sense that the side-condition fa(r) = ∅ on (□I) (Figure 1) guarantees that for typable terms (which is what we care about) rσ = r.

We prefer to keep basic definitions orthogonal from such optimisations, but this is purely a design choice (and see the next item in this list).

• We write (λc:A.r)θ = λc:A.(rθ) without any side-condition that c should avoid capture by atoms in θ. This is because Definition 2.15 insists that fa(θ(X)) = ∅ always, so there can be no capture to avoid.

Recall the definition of [a:=s] from Definition 2.15. Lemma 2.21 is a standard lemma which will be useful later:

Lemma 2.21. If a ∉ fa(r) then r[a:=s] = r.

Proof. By a routine induction on r. □

Definition 2.22 and Proposition 2.23 are needed for Proposition 3.13.

Definition 2.22. Suppose Γ is a typing context and θ is an unknowns substitution. Write Γ ⊢ θ when if X ∈ dom(θ) then X:□A ∈ Γ for some A and Γ ⊢ θ(X) : □A.

Proposition 2.23 is needed for Theorem 3.14 (soundness of the denotation). It is slightly unusual that soundness of typing under substitution should be needed for soundness under taking denotations. But the syntax is going to be part of the denotational semantics — that is its point — and so substitution is part of how this denotation is calculated (see the case of □r in Figure 4).
⟦o⟧ = {⊤_M, ⊥_M}                              truth-values

⟦N⟧ = {0, 1, 2, ...}                           natural numbers

⟦A→B⟧ = ⟦B⟧^⟦A⟧                                function-spaces

⟦□A⟧ = {□r | ⊢ □r : □A} × ⟦A⟧                  closed syntax & purported denotation

Figure 3: Denotational semantics of modal types



Proposition 2.23. Suppose Γ is a typing context and θ is an unknowns substitution and suppose Γ ⊢ θ (Definition 2.22). Then Γ ⊢ r : A implies Γ ⊢ rθ : A.

Proof. By a routine induction on the typing of r. We consider four cases:

• The case of (□I). Suppose Γ ⊢ r : A and fa(r) = ∅ so that Γ ⊢ □r : □A by (□I). By inductive hypothesis Γ ⊢ rθ : A. By Lemma 2.19 also fa(rθ) = ∅. We use (□I) and the fact that (□r)θ = □(rθ), and Proposition 2.13.

• The case of (Ext) for X ∈ dom(θ). By assumption in Definition 2.15, θ(X) = □r' for some r' with fa(r') = ∅. By assumption in Definition 2.22 Γ ⊢ θ(X) : □A. By Definition 2.18 (X@)θ = r'. By Proposition 2.13 Γ ⊢ r' : A as required.

• The case of (→I). Suppose Γ, a:A ⊢ r : B so that by (→I) Γ ⊢ λa:A.r : A→B. By inductive hypothesis Γ, a:A ⊢ rθ : B. We use (→I).

• The case of (□E). Suppose Γ, X:□A ⊢ r : B and Γ ⊢ s : □A so that by (□E) Γ ⊢ let X=s in r : B. Renaming if necessary suppose X ∉ dom(θ). By inductive hypothesis Γ, X:□A ⊢ rθ : B and Γ ⊢ sθ : □A. We use (□E) and the fact that (let X=s in r)θ = let X=sθ in rθ. □



3. Denotational semantics for types and terms of the modal type system 

We now develop a denotational semantics of the types and terms from Definitions 2.2 
and 2.6. The main definitions are in Figures 3 and 4. The design is subtle, so there follows 
an extended discussion of the definition. 

3.1. Denotation of types 



Definition 3.1. Define ⟦A⟧, the interpretation of types, by induction in Figure 3.



Remark 3.2. ⟦o⟧ is a pair of truth-values, and ⟦N⟧ is the set of natural numbers. ⟦A→B⟧ = ⟦B⟧^⟦A⟧ is a function-space.⁸ No surprises here.

z ∈ ⟦□A⟧ is a pair (□r, x). We suggest the reader think of this as

• some syntax □r and⁹

• its purported denotation x.

8 We could restrict this to computable functions or some other smaller set but we have our logician's hat on here, not our programmer's hat on: we want the larger set. This will make Corollary 3.15 work. If we chose a smaller, more sophisticated, and more complex notion of function-space here, then this would actually weaken the results we then obtain from the semantics.

We say 'purported' because there is no restriction that x actually be a possible denotation of r. For instance, it is a fact that □(0 + 1) :: 2 ∈ ⟦□N⟧, and □(0 + 1) :: 2 will not be the denotation of any r such that ⊢ r : □N (to check this, unpack Definition 3.11 below).

So our semantics inflates: there are usually elements in ⟦□A⟧ that are not the denotation of any closed term. The reader should remain calm; there are also usually elements in function-spaces that are not the denotation of any closed term. The inflated elements in our semantics are an important part of our design.

Notation 3.3. We will want to talk about nested pairs of the form (x₁, (x₂, ..., (xₙ, xₙ₊₁))). Accordingly we will use list notation, writing x₁ :: x₂ for (x₁, x₂) and x₁ :: ... :: xₙ :: xₙ₊₁ for (x₁, (x₂, ..., (xₙ, xₙ₊₁))). See for instance Remark 3.4, Figure 4, and Subsection 3.3.2.

Remark 3.4. Note that as standard, distinct syntax may have equal denotation. For instance, □(0 + 1) :: 1 and □(1 + 0) :: 1 are not equal in ⟦□N⟧.

Remark 3.5. Why do we inflate? Surely it is both simpler and more intuitive to take ⟦□A⟧ to be {□r | ⊢ □r : □A}.

We could do this, but then later on in Definition 3.11 we would not be able to give a 
denotation to terms by induction on their syntax. 

The problem is that our types, and terms, are designed to permit generation of syntax at 
modal type. Thus, our design brief is to allow dynamic (runtime) generation of syntax. With 
the 'intuitive' definition above, there is no guarantee of an inductively decreasing quantity; 
the runtime can generate syntax of any size. To see this in detail, see Subsection 3.3.3. 

The design of ⟦□A⟧ in Figure 3 gets around this by insisting, at the very moment we assert some denotation of a term r of type □A — i.e. some syntax r' of type A — to simultaneously volunteer a denotation for r' — i.e. an element in the denotation of A. (As mentioned in Remark 3.2 this denotation might be in some sense mistaken, but perhaps surprisingly that will not matter.)

3.2. Denotation of terms 

We now set about interpreting terms in the denotation for types from Definition 3.1. The 
main definition is Definition 3.11. First, however, we need: 

• some tools to handle the 'syntax and purported denotation' design of ⟦□A⟧ (Definition 3.6); and

• a suitable notion of valuation (Definition 3.7).

We then discuss the design of the definitions. 

Recall from Notation 3.3 that we may use list notation and write □r :: x for (□r, x).

Definition 3.6. We define hd and tl on x ∈ ⟦A⟧ (Definition 3.1) as follows:

• If x ∈ ⟦o⟧ or ⟦N⟧ or ⟦A→B⟧ then hd(x) = x and tl(x) is undefined.

• If (□r, x) ∈ ⟦□A⟧ then hd((□r, x)) = □r (first projection) and tl((□r, x)) = x (second projection).

9 We could drop the □ and just write (r, x), but when we build the contextual system in Section 5 the □ will fill with bindings (see Definition 5.4) and cannot be dropped, so we keep it here.
Definition 3.7. A valuation ς is a finite partial function on A ∪ X. Write ς[X:=x] for the valuation such that:

• (ς[X:=x])(X) = x.

• (ς[X:=x])(Y) = ς(Y) if ς(Y) is defined, for all Y other than X.

• (ς[X:=x])(a) = ς(a) if ς(a) is defined.

• (ς[X:=x]) is undefined otherwise.

Define ς[a:=x] similarly.

Definition 3.8. Suppose Γ is a typing context and ς a valuation. Write Γ ⊢ ς when:

1. dom(Γ) = dom(ς).

2. If a ∈ dom(ς) then a:A ∈ Γ for some A and ς(a) ∈ ⟦A⟧.

3. If X ∈ dom(ς) then X:□A ∈ Γ for some A and ς(X) ∈ ⟦□A⟧.



Remark 3.9. Unpacking Definition 3.1, clause 3 of Definition 3.8 (the one for X) means that ς(X) = □r' :: x where ⊢ □r' : □A and x ∈ ⟦A⟧. Note also that by the form of the derivation rules in Figure 1, it follows that ⊢ r' : A. So an intuition for ς(X) (cf. Remark 3.2) is this —

"ς(X) is some closed syntax r' (presented as □r' ∈ ⟦□A⟧), and a candidate denotation for it x ∈ ⟦A⟧"

— or more concisely this:

"ς(X) is a pair of syntax and denotation."

Definition 3.10. Write σ_ς for the unknowns substitution (Definition 2.15) such that

σ_ς(X) = hd(ς(X))

if ς(X) is defined, and σ_ς(X) is undefined otherwise.

Definition 3.11. For each constant C : A other than ⊤, ⊥, and isapp fix some interpretation C_M which is an element C_M ∈ ⟦A⟧. Suppose Γ ⊢ ς and Γ ⊢ r : A.

An interpretation of terms ⟦r⟧_ς is defined in Figure 4.



In Subsection 3.3 we discuss the design of ⟦r⟧_ς with examples. In Subsection 3.4 we prove some results about it.

3.3. Discussion of the denotation 
3.3.1. About the term-formers 

The denotations of ⊤ and ⊥ are as expected. To give a denotation to an atom a, we just look it up using ς, also as expected. The definitions of λa:A.r and r'r are also as standard.

As promised in Subsection 3.1, ⟦□r⟧_ς returns a pair of a syntax and its denotation.
ς[a:=x] and ς[X:=x] from Definition 3.7. σ_ς from Definition 3.10.

⟦⊤⟧_ς = ⊤_M
⟦⊥⟧_ς = ⊥_M
⟦a⟧_ς = ς(a)                                   (a ∈ dom(ς))
⟦λa:A.r⟧_ς = (x ∈ ⟦A⟧ ↦ ⟦r⟧_{ς[a:=x]})
⟦r'r⟧_ς = ⟦r'⟧_ς ⟦r⟧_ς
⟦□r⟧_ς = □(rσ_ς) :: ⟦r⟧_ς
⟦X@⟧_ς = tl(ς(X))
⟦let X=s in r⟧_ς = ⟦r⟧_{ς[X:=⟦s⟧_ς]}
⟦isapp_A⟧_ς(□(r'r'')) = ⊤_M
⟦isapp_A⟧_ς(□r) = ⊥_M                          (∀r', r''. r ≠ r'r'')

Figure 4: Denotational semantics of terms of the modal type system



isapp_A is there to illustrate concretely how we can express programming on syntax of box types: it takes a syntax argument and checks whether it is a syntactic application.¹⁰ Of course many other such functions are possible, and if we want them we can add them as further constants (just as we might add +, *, and/or recursion as constants, given a type for numbers).

3.3.2. Example: denotation of let X=□(1+2) in □□X@

To illustrate how Figure 4 works, we calculate the denotation of let X=□(1+2) in □□X@. We reason as follows, where for compactness and clarity we write ς for the valuation [X:=□(1+2) :: 3]:

⟦let X=□(1+2) in □□X@⟧ = ⟦□□X@⟧_{[X:=⟦□(1+2)⟧]}

                        = ⟦□□X@⟧_ς

                        = □((□X@)[X:=□(1+2)]) :: ⟦□X@⟧_ς

                        = □□(1+2) :: ⟦□X@⟧_ς

                        = □□(1+2) :: □(X@[X:=□(1+2)]) :: ⟦X@⟧_ς

                        = □□(1+2) :: □(1+2) :: ⟦X@⟧_ς

                        = □□(1+2) :: □(1+2) :: tl(□(1+2) :: 3)

                        = □□(1+2) :: □(1+2) :: 3

We leave it to the reader to verify that ⟦□(1+2)⟧ = □(1+2) :: 3 and that X@[X:=□(1+2)] = 1+2.

Note that '1 + 2' and '□(1 + 2)' are different; 1 + 2 denotes 3 whereas □(1 + 2) denotes the pair 'The syntax 1 + 2, with associated extension 3'. In some very special cases where the set of possible denotations is rather small (finite or countable), the distinction between terms and their denotations can be hard to see, though it is still there. Usually sets of denotations are 'quite large' and sets of syntax are 'quite small', but sometimes this relationship



10 We know non-trivial pattern-matching on applications exists in our meta-logic because our meta-logic is 
English; Jisapp]^- is a function on a set of syntax and we can define whatever operation we can define, on that 
set. 
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is reversed: there are 'somewhat more' terms denoting numbers, than numbers (but much 
fewer terms denoting functions from numbers to numbers than functions from numbers to 
numbers). See Corollary 3.15 and Example 3.16. 

Note also the difference between the valuation ς = [X:=□(1+2) :: 3] and the substitution [X:=□(1+2)]. The first is a valuation because it maps X to an element of ⟦□N⟧; the second is a substitution because it maps X to a term of type □N.

Sometimes a mapping can be both valuation and substitution; for instance [a:=3] is a 
valuation (a maps to an element of [N]), and is also a substitution. 

3.3.3. Why the natural version does not work 
Natural versions of Definitions 3.1 and 3.11 take

• the denotation of a box type to be just boxed syntax rather than a pair of boxed syntax and denotation: ⟦□A⟧ = {□r | ⊢ □r : □A}, and

• ⟦□r⟧_ς = □(rς_X), and

• ⟦X@⟧_ς = ⟦r⟧ where ς(X) = □r.

However, this seems not to work; ς(X) need not necessarily be a smaller term than X so the 'definition' above is not inductive. This is not just a hypothetical issue: a term of the form ⟦let X=s in r⟧_ς may cause ς(X) to be equal to ⟦s⟧_ς, and s might generate syntax of any size.

The previous paragraph is not a mathematical proof; aside from anything else we have left the notion 'size of term' unspecified. The reader can experiment with different candidates: the obvious 'subterm of', 'depth of', and 'number of symbols of' are all vulnerable to the problem described above, as is a more sophisticated notion of size which gives X size ω, the least infinite cardinal, since we can generate multiple copies of terms of the form let X=r in s, and even if this is closed it can contain bound copies of X.

3.3.4. Example: denotation of exp 2

Recalling Subsection 2.3.4, we calculate the denotation of ⟦exp 2⟧ where exp is specified by:

exp 0 ⇒ □λb:N.1
exp (succ(n)) ⇒ let X=exp n in □(λb:N.b * (X@b)).

We sketch part of the calculation:

⟦exp (succ (succ 0))⟧ = ⟦let X=exp (succ 0) in □(λb:N.b * (X@b))⟧
                       = ⟦□(λb:N.b * (X@b))⟧_{[X:=⟦exp(succ 0)⟧]}
                       = □((λb:N.b * (X@b))[X:=hd⟦exp(succ 0)⟧])
                         :: ⟦λb:N.b * (X@b)⟧_{[X:=⟦exp(succ 0)⟧]}
                       = □(λb:N.b * ((λb:N.b * ((λb:N.1)b))b)) :: (x ∈ N ↦ x * x)



6 + 5 and 5 + 6 denote the same number, whose calculation we leave as an exercise to the energetic reader. 
3.3.5. Example: denotation of terms for axioms (T) and (4)

In Subsection 2.3.1 we considered the terms

λa:□A.let X=a in X@ : □A→A   and
λa:□A.let X=a in □□X@ : □A→□□A

which implement the modal logic axioms (T) and (4). We now describe their denotations, without working:

• ⟦λa:□A.let X=a in X@⟧ maps □r :: tl ∈ ⟦□A⟧ to tl.

• ⟦λa:□A.let X=a in □□X@⟧ maps □r :: tl ∈ ⟦□A⟧ to □□r :: □r :: tl.

3.4. Results about the denotation 

We need a technical result and some notation for Proposition 3.13:

Lemma 3.12. If Γ ⊢ ς (Definition 3.8) then Γ ⊢ ς_X (Definition 2.22).

Proof. If X ∉ dom(ς) then X ∉ dom(ς_X).

Suppose X ∈ dom(ς). By Definition 3.10 ς_X(X) = hd(ς(X)). By Definition 3.8 ς(X) ∈ ⟦□A⟧ for some A. Unpacking Figure 3 this implies that ς_X(X) = □r for some ⊢ r : A, and we are done. □

Proposition 3.13 relies on a dual role played by syntax in ς_X. It is coerced between denotation and syntax in (□I), and 'in the other direction' in (Ext). Proposition 3.13 expresses this important dynamic in the mathematics of the paper. Technically the result is needed for the case of (□I) in the proof of Theorem 3.14. Recall the notation Γ|_U from Notation 2.12.

Proposition 3.13. Suppose Γ ⊢ r : A and Γ ⊢ ς. Then Γ|_𝔸 ⊢ rς_X : A.

(ς_X is defined in Definition 3.10; its action on r is defined in Definition 2.18.)

Proof. By Lemma 3.12 Γ ⊢ ς_X. By Proposition 2.23 Γ ⊢ rς_X : A. By Lemma 2.19 fa(rς_X) = fa(r). Now it is a fact that fa(r) ⊆ dom(Γ|_𝔸), so by Proposition 2.13 Γ|_𝔸 ⊢ rς_X : A as required. □



Theorem 3.14 (Soundness). If Γ ⊢ r : A and Γ ⊢ ς then ⟦r⟧_ς is defined and ⟦r⟧_ς ∈ ⟦A⟧.



Proof. By induction on the derivation of Γ ⊢ r : A. Most of the rules follow by properties of sets and functions. We consider the interesting cases:

• Rule (□I). Suppose Γ ⊢ r : A and fa(r)=∅ so that by (□I) Γ ⊢ □r : □A.

Suppose Γ ⊢ ς. Then by inductive hypothesis ⟦r⟧_ς ∈ ⟦A⟧. Also, by Proposition 3.13

⊢ rς_X : A.

It follows by Definition 3.1 that

⟦□r⟧_ς = (□(rς_X)) :: ⟦r⟧_ς ∈ ⟦□A⟧

as required.

• Rule (□E). Suppose Γ, X:□A ⊢ r : B and Γ ⊢ s : □A so that by (□E) Γ ⊢ let X=s in r : B.

Suppose Γ ⊢ ς. By inductive hypothesis for Γ ⊢ s : □A we have ⟦s⟧_ς ∈ ⟦□A⟧ and so there is some term s' and some x ∈ ⟦A⟧ such that (□s') :: x = ⟦s⟧_ς and ⊢ □s' : □A. Unpacking Definition 3.8, Γ, X:□A ⊢ ς[X:=(□s') :: x]. By inductive hypothesis for Γ, X:□A ⊢ r : B we have

⟦r⟧_{ς[X:=(□s')::x]} ∈ ⟦B⟧

and using Definition 3.11 we have

⟦let X=s in r⟧_ς = ⟦r⟧_{ς[X:=(□s')::x]} ∈ ⟦B⟧

as required.

• Rule (Ext). By (Ext) Γ, X:□A ⊢ X@ : A.

Suppose Γ, X:□A ⊢ ς. Unpacking Definition 3.8, this means that ς(X) = (□s') :: x for some s' and x such that ⊢ □s' : □A and x ∈ ⟦A⟧. From Definition 3.11 ⟦X@⟧_ς = x ∈ ⟦A⟧ as required.

• Rule (Hyp). Suppose Γ, a:A ⊢ ς. By Definition 3.8 this means that ς(a) ∈ ⟦A⟧. By Definition 3.11 ⟦a⟧_ς = ς(a). The result follows.

□



Corollary 3.15. There is no term s such that ⊢ s : (N→N)→□(N→N) is typable and such that the map λx∈N^N. hd(⟦s⟧ x) ∈ hd(⟦□(N→N)⟧)^{⟦N→N⟧} is injective.

Proof. ⟦N→N⟧ is an uncountable set whereas hd(⟦□(N→N)⟧) = {□r | ⊢ r : N→N} is countable. The result follows from Theorem 3.14. □

Example 3.16. By Corollary 3.15 there can be no term representing a function which reifies an element of ⟦A⟧ to corresponding syntax.

Of course, there might be a term which reifies those elements of ⟦A⟧ that are representable by syntax. For specific 'sufficiently small' A, this might even include all of ⟦A⟧.

For example, if A = N then the following function does the job:

reifyNat 0 ⇒ □0
reifyNat (succ(n)) ⇒ let X=reifyNat(n) in □(X@+1).
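The following Python interpreter is added here as an illustration and is not part of the paper: it implements the Figure 4 clauses for a small fragment (numerals, +, □, X@ and let), recomputes the denotation of let X=□(1+2) in □□X@ from Subsection 3.3.2, and unrolls reifyNat from Example 3.16 for a concrete n. The term constructors, `subst`, `apply_sigma_X`, `denote` and `show` are all constructed for this example.

```python
from dataclasses import dataclass

# Constructed syntax for the fragment we need: numerals, +, □, X@ and let.
# Application, λ and isapp from Definition 2.6 are left out to keep it short.
@dataclass(frozen=True)
class Num: n: int                        # a numeral
@dataclass(frozen=True)
class Plus: l: object; r: object         # l + r
@dataclass(frozen=True)
class Box: r: object                     # □r, the syntax of a closed term r
@dataclass(frozen=True)
class Ext: X: str                        # X@, the extension of the unknown X
@dataclass(frozen=True)
class Let: X: str; s: object; r: object  # let X = s in r, X bound in r

def subst(t, X, boxed):
    """r[X:=□s] from Definition 2.18; the interesting clause is X@[X:=□s] = s."""
    if isinstance(t, Ext):
        return boxed.r if t.X == X else t
    if isinstance(t, Box):
        return Box(subst(t.r, X, boxed))
    if isinstance(t, Plus):
        return Plus(subst(t.l, X, boxed), subst(t.r, X, boxed))
    if isinstance(t, Let):
        body = t.r if t.X == X else subst(t.r, X, boxed)   # X is bound in t.r
        return Let(t.X, subst(t.s, X, boxed), body)
    return t

def apply_sigma_X(t, val):
    """tς_X, where ς_X (Definition 3.10) maps each unknown X in dom(ς) to hd(ς(X)).
    In this fragment every entry of the valuation is an unknown bound to a pair."""
    for X, (hd, _tl) in val.items():
        t = subst(t, X, hd)
    return t

def denote(t, val):
    """⟦t⟧_ς following Figure 4: numerals denote themselves, □r denotes the pair
    (□(rς_X), ⟦r⟧_ς), X@ denotes tl(ς(X)), and let extends the valuation."""
    if isinstance(t, Num):
        return t.n
    if isinstance(t, Plus):
        return denote(t.l, val) + denote(t.r, val)
    if isinstance(t, Box):
        return (Box(apply_sigma_X(t.r, val)), denote(t.r, val))
    if isinstance(t, Ext):
        return val[t.X][1]
    if isinstance(t, Let):
        return denote(t.r, {**val, t.X: denote(t.s, val)})
    raise TypeError(f"unknown term {t!r}")

def show(t):
    """Render a term or a (syntax, value) pair the way the paper writes it."""
    if isinstance(t, tuple):
        return f"{show(t[0])} :: {show(t[1])}"
    if isinstance(t, int):
        return str(t)
    if isinstance(t, Num):
        return str(t.n)
    if isinstance(t, Plus):
        return f"({show(t.l)}+{show(t.r)})"
    if isinstance(t, Box):
        return "□" + show(t.r)
    if isinstance(t, Ext):
        return t.X + "@"
    return f"let {t.X}={show(t.s)} in {show(t.r)}"

def example_3_3_2():
    """let X=□(1+2) in □□X@ from Subsection 3.3.2; expected □□(1+2) :: □(1+2) :: 3."""
    return denote(Let("X", Box(Plus(Num(1), Num(2))), Box(Box(Ext("X")))), {})

def reify_nat(n):
    """reifyNat from Example 3.16, unrolled at the meta level for a concrete n:
    reifyNat 0 = □0 and reifyNat (succ n) = let X=reifyNat n in □(X@+1)."""
    t = Box(Num(0))
    for _ in range(n):
        t = Let("X", t, Box(Plus(Ext("X"), Num(1))))
    return t

if __name__ == "__main__":
    print(show(example_3_3_2()))           # □□(1+2) :: □(1+2) :: 3
    print(show(denote(reify_nat(2), {})))  # □((0+1)+1) :: 2
```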

Remark 3.17. Similar arguments to those used in Corollary 3.15 and Example 3.16 also justify why the Haskell programming language has a Show function for certain types, but not for function types.¹² We chose full function spaces in Figure 4, so that the models for which we prove soundness in Theorem 3.14 would be large, and we did that so that the proof of Corollary 3.15 would become relatively easy. Careful consideration has gone into the precise designs of ⟦B⟧, ⟦A⟧ and ⟦□A⟧.

We will later on in Corollary 6.11 prove a similar result for the contextual system, and then later still in Corollary 7.7 surprisingly leverage this to a result which even works for functions to all of ⟦□(N→N)⟧ rather than just to the (much smaller) hd(⟦□(N→N)⟧).



¹² See haskell.org/haskellwiki/Show_instance_for_functions, retrieved on January 20, 2012.
4. Reduction

We have Theorem 3.14 (soundness) and Corollary 3.15 (impossibility in general of reifying denotation to syntax). The other major property of interest is that typing and denotation are consistent with a natural notion of reduction on terms.

So we now turn our attention to the lemmas leading up to Proposition 4.10 and Theorem 4.11.

4.1. Results concerning substitution on atoms

Recall from Definition 2.18 the definition of the atoms-substitution action. Lemma 4.1 is a counterpart to Proposition 3.13. We had to prove Proposition 3.13 earlier because calculating the denotation ⟦□r⟧_ς in Figure 4 involves calculating rς_X (an unknowns-substitution applied to a term).¹³ Now we are working towards reduction, and β-reduction can generate atoms-substitution, so we need Lemma 4.1.

Lemma 4.1. Suppose Γ, a:B ⊢ r : A and Γ ⊢ s : B. Then Γ ⊢ r[a:=s] : A.

Proof. By a routine induction on the typing of r. We consider three cases:

• The case of (□I). Suppose Γ, a:B ⊢ r : A and fa(r)=∅ so that Γ, a:B ⊢ □r : □A by (□I). But then by Lemma 2.21 r[a:=s] = r, and the result follows from Proposition 2.13.

• The case of (Ext) is similar to that of (□I).

• The case of (□E). Using the fact from Definition 2.18 that

(let X=s' in r)[a:=s] = let X=s'[a:=s] in r[a:=s].

□

Lemma 4.2. Suppose Γ, a:B ⊢ r : A and Γ ⊢ s : B, and suppose Γ ⊢ ς. Then ⟦r[a:=s]⟧_ς = ⟦r⟧_{ς[a:=⟦s⟧_ς]}.

Proof. By a routine induction on the derivation of Γ, a:B ⊢ r : A (Figure 1). We consider three cases:

• The case of (□I). We use Lemma 2.21 and Proposition 2.13 (as in the case of (□I) in the proof of Lemma 4.1).

• The case of (Ext). By (Ext) Γ, a:B, X:□A ⊢ X@ : A. By definition X@[a:=s] = X@. We use Proposition 2.13.

• The case of (Hyp) for a. By (Hyp) Γ, a:B ⊢ a : B. By assumption Γ, a:B ⊢ ς so unpacking Definition 3.8, ς(a) ∈ ⟦B⟧. By Figure 4 ς(a) = ⟦a⟧_ς, and we are done.

□

Proposition 4.3 can be viewed as a denotational counterpart of Proposition 2.13:

Proposition 4.3. Suppose Γ ⊢ r : A and Γ ⊢ ς and Γ' ⊢ ς'. Suppose ς(a) = ς'(a) for every a ∈ fa(r) and ς(X) = ς'(X) for every X ∈ fu(r). Then ⟦r⟧_ς = ⟦r⟧_ς'.

Proof. By a routine induction on r. □

Lemma 4.4. Suppose Γ, a:A ⊢ r : B and Γ ⊢ s : A, and suppose Γ ⊢ ς. Then

⟦(λa:A.r)s⟧_ς = ⟦r⟧_{ς[a:=⟦s⟧_ς]}.

Proof. We unpack the cases of λ and application in Definition 3.11. □

¹³ In the contextual system, calculating the denotation will involve atoms-substitution as well.

4.2. Results concerning substitution on unknowns

Lemma 4.5. Suppose Γ ⊢ (let X=s in r) : A and Γ ⊢ ς. Then

⟦let X=s in r⟧_ς = ⟦r⟧_{ς[X:=⟦s⟧_ς]}.

Proof. We just unpack the clause for let X=s in r in Figure 4 (well-definedness is from Theorem 3.14). □

Lemma 4.6. Suppose θ is an unknowns-substitution (Definition 2.15). Suppose X ∉ dom(θ) and suppose fu(θ(Z)) = ∅ for every Z ∈ dom(θ). Then r[X:=□s]θ = rθ[X:=□(sθ)].

Proof. By a routine induction on r. The interesting case is X@, for which it is easy to check that:

X@θ[X:=□(sθ)] = sθ   and   X@[X:=□s]θ = sθ.

□

Lemma 4.7. Suppose Γ, X:□B ⊢ r : A and Γ ⊢ □s : □B, and suppose Γ ⊢ ς. Then ⟦r[X:=□s]⟧_ς = ⟦r⟧_{ς[X:=⟦□s⟧_ς]}.

Proof. By induction on the derivation of Γ, X:□B ⊢ r : A.

• The case of (□I). Suppose Γ, X:□B ⊢ r : A and fa(r) = ∅ so that by (□I) Γ, X:□B ⊢ □r : □A. We sketch the necessary reasoning:

⟦(□r)[X:=□s]⟧_ς = ⟦□(r[X:=□s])⟧_ς                                   Definition 2.18
                 = □(r[X:=□s])ς_X :: ⟦r[X:=□s]⟧_ς                    Figure 4
                 = □(r[X:=□s])ς_X :: ⟦r⟧_{ς[X:=⟦□s⟧_ς]}              Ind. Hyp.
                 = □(rς_X[X:=□(sς_X)]) :: ⟦r⟧_{ς[X:=⟦□s⟧_ς]}         Lemma 4.6

⟦□r⟧_{ς[X:=⟦□s⟧_ς]} = (□r)(ς[X:=⟦□s⟧_ς])_X :: ⟦r⟧_{ς[X:=⟦□s⟧_ς]}    Figure 4
                   = (□r)(ς_X[X:=□(sς_X)]) :: ⟦r⟧_{ς[X:=⟦□s⟧_ς]}     Figure 4
                   = □(rς_X[X:=□(sς_X)]) :: ⟦r⟧_{ς[X:=⟦□s⟧_ς]}       Definition 2.18

• The case of (Ext) for X. By (Ext) Γ, X:□B ⊢ X@ : B. Then we reason as follows:

⟦X@⟧_{ς[X:=⟦□s⟧_ς]} = tl(⟦□s⟧_ς)         Figure 4
                   = ⟦s⟧_ς               Figure 4
⟦X@[X:=□s]⟧_ς = ⟦s⟧_ς                    Definition 2.18

□
r[a:=s] and r[X:=s] from Definition 2.18.

(β)   (λa:A.r)r' →β r[a:=r']                 (β□)   let X=□s in r →β r[X:=□s]

        r →β r'                  s →β s'                  r →β r'
(cng)  ────────────     (cnga)  ────────────     (cngλ)  ───────────────────
        rs →β r's                rs →β rs'                λa:A.r →β λa:A.r'

          r →β r'                                  s →β s'
(cnge)  ────────────────────────────────     ────────────────────────────────
         let X=s in r →β let X=s in r'        let X=s in r →β let X=s' in r

                                                (r not of the form r'r'')
(isapp⊤)  ────────────────────     (isapp⊥)  ────────────────────
           isapp □(r'r) →β ⊤                  isapp □(r) →β ⊥

Figure 5: Reduction rules for the modal system

4.3. Reduction

Definition 4.8. Define β-reduction r →β r' inductively by the rules in Figure 5.

Remark 4.9. We do not have a rule that if r →β r' then □r →β □r'. This would be wrong because it does not respect the integrity of the syntax of a term; syntax, in denotation, does not inherently reduce.

We do however allow reduction under a λ. This is purely a design choice; we are interested in making as many terms as possible β-convertible, and less immediately interested in this paper in finding nice notions of β-normal form. If we did not have a denotational semantics then we might have to be more sensitive to such questions (because normal forms are important for consistency); because we do have a denotational semantics, we obtain consistency via soundness and the precise notion of normal form is not so vital.

Proposition 4.10. If Γ ⊢ r : A and r →β r' then Γ ⊢ r' : A.

Proof. By a routine induction on r. The case of (β) (λa:A.r)r' →β r[a:=r'] follows by Lemma 4.1; that of (β□) follows by Proposition 3.13. □

Theorem 4.11. Suppose Γ ⊢ r : A and Γ ⊢ ς. Suppose r →β r'. Then ⟦r⟧_ς = ⟦r'⟧_ς.

Proof. By induction on the derivation of r →β r'.

• The case of (β) follows by Lemmas 4.2 and 4.4.

• The case of (β□) follows by Lemmas 4.5 and 4.7.

□
5. Syntax and typing of the system with contextual types

The modal type system is beautiful, but is a little too weak for some applications. The issue is that X ranges over closed syntax. If we are working under some λ-abstractions, we may well find this limiting; we want to work with open syntax so that we can refer to the enclosing binder. This really matters, because it affects the programs we can write. For instance in the example of exponentiation from Subsection 2.3.4, the issue of working under a λ-abstraction forced us to generate unwanted β-redexes.

The contextual system is one way to get around this. Syntax is still closed, but the notion of closure is liberalised by introducing a context into the modality; to see the critical difference, compare the ([]I) rule in Figure 6 with the (□I) rule from Figure 1. The interested reader can see how this allows us to write a nicer program for exponentiation, which does not generate β-redexes, in Subsection 6.2.2.

5.1. Syntax of the contextual system

Notation 5.1. The contextual system needs many vectors of types and atoms-and-types. For clarity, we write these vectors subscripted, for instance:

• (a_i:A_i)_i^n is shorthand for {a_1:A_1, ..., a_n:A_n}.

• [A_i]_i^n A is shorthand for [A_1, ..., A_n]A.

• (A_i)_i^n→A is shorthand for A_1→(A_2→ ... (A_n→A)).

• {a_i}_i is shorthand for {a_1, ..., a_n}.

• λ(x_i:A_i)_i^n.r is shorthand for λx_1:A_1. ... λx_n:A_n.r.

• [a_i:=x_i]_i will be shorthand for the map taking a_i to x_i for 1≤i≤n and undefined elsewhere (Definition 5.10).

We may omit the interval where it is understood or irrelevant, so for instance {a_i} and {a_i}_i are both shorthand for the same thing: '{a_1, ..., a_n} for some n whose precise value we will never need to reference', and (A_i)→A is shorthand for '(A_i)_i^n→A for some n whose precise value we will never need to reference'.

We take atoms and unknowns as in Definition 2.1. 

Definition 5.2. Define types inductively by:

A ::= 𝔹 | N | A→A | [A_i]_i^n A

𝔹 (truth-values), N (numbers), and A→B (functions) are as in Definition 2.2. [A_i]_i^n A is a contextual type. Think of this as generalising the modal types of Definition 2.2 by 'allowing bindings in the box'.

Definition 5.3. Fix a set of constants C to each of which is assigned a type type(C). We write C : A as shorthand for 'C is a constant and type(C) = A'. We insist that constants include the following:

⊥ : 𝔹     ⊤ : 𝔹     isapp_A : ([]A)→𝔹

We may omit the type subscripts where they are clear from context or do not matter.
(Hyp)  Γ, a:A ⊢ a : A                          (Const)  Γ ⊢ C : type(C)

       Γ, a:A ⊢ r : B                                   Γ ⊢ r' : A→B    Γ ⊢ r : A
(→I)   ──────────────────────                    (→E)   ──────────────────────────
       Γ ⊢ (λa:A.r) : A→B                               Γ ⊢ r'r : B

       Γ, (a_i:A_i)_i ⊢ r : A   (fa(r) ⊆ {a_i}_i)       Γ, X:[A_i]A ⊢ r : B    Γ ⊢ s : [A_i]A
([]I)  ────────────────────────────────────      ([]E)  ─────────────────────────────────
       Γ ⊢ [a_i:A_i]r : [A_i]A                          Γ ⊢ let X=s in r : B

       Γ, X:[A_i]_i^n A ⊢ r_j : A_j   (1≤j≤n)
(Ext)  ──────────────────────────────────
       Γ, X:[A_i]_i^n A ⊢ X@(r_j)_j^n : A

Figure 6: Contextual modal type theory typing rules

Definition 5.4. Define terms inductively by:

r ::= C | a | λa:A.r | rr | [a_i:A_i]r | X@(r_i)_i | let X=r in r

Remark 5.5. The syntax of the modal type system in Definition 2.6 injects naturally into that of Definition 5.4, if we map □- to []- (the empty context) and -@ to -@().

The important extra complexity is in X@(r_j)_j^n; when X is instantiated by a substitution θ, this triggers an atoms-substitution of the form [a_j:=r_j]_j^n. See Definition 5.11.

Definition 5.6. Define free atoms fa(r) and free unknowns fu(r) by:

fa(C) = ∅                               fa(a) = {a}
fa(λa:A.r) = fa(r) \ {a}                fa(rs) = fa(r) ∪ fa(s)
fa([a_i:A_i]_i^n r) = fa(r) \ {a_1, ..., a_n}    fa(let X=s in r) = fa(r) ∪ fa(s)
fa(X@(s_i)_i) = ⋃_i fa(s_i)

fu(C) = fu(a) = ∅
fu(λa:A.r) = fu(r)                      fu(rs) = fu(r) ∪ fu(s)
fu([a_i:A_i]r) = fu(r)                  fu(let X=s in r) = (fu(r) \ {X}) ∪ fu(s)
fu(X@(s_i)_i) = {X} ∪ ⋃_i fu(s_i)

Definition 5.7. We take a to be bound in r in λa:A.r and a_1, ..., a_n to be bound in r in [a_i:A_i]_i^n r, and we take X to be bound in r in let X=s in r. We take syntax up to α-equivalence as usual. For example:

• λa:A.a = λb:A.b

• λa:A.[b:B]((X@(b))a) = λb:A.[a:B]((X@(a))b) ≠ λb:A.[b:B]((X@(b))b)

• let X=[a:A]a in (X@(b))
  = let Y=[a:A]a in (Y@(b))
  = let Y=[b:A]b in (Y@(b))
5.2. Typing for the contextual system

Definition 5.8. A typing is a pair a : A or X : [A_i]_i A. A typing context Γ is a finite partial function from 𝔸 ∪ 𝕏 to types (as in Definition 2.10, except that unknowns have contextual types instead of just box types □A).

A typing sequent is a tuple Γ ⊢ r : A of a typing context, a term, and a type.

Define the valid typing sequents of the contextual modal type system by the rules in Figure 6.

Recall the notation Γ|_U from Notation 2.12. Proposition 5.9 repeats Proposition 2.13 for the contextual system:

Proposition 5.9. If Γ ⊢ r : A and Γ'|_{fu(r)∪fa(r)} = Γ|_{fu(r)∪fa(r)} then Γ' ⊢ r : A.

Proof. By a routine induction on r. □

5.3. Substitution

Definition 5.10 reflects Definition 2.15 for the richer syntax of terms:

Definition 5.10. An (atoms-)substitution σ is a finite partial function from atoms 𝔸 to terms. σ will range over atoms-substitutions.

Write dom(σ) for the set {a | σ(a) defined}.

Write id for the identity substitution, such that dom(id) = ∅.

Write [a_i:=x_i]_i for the map taking a_i to x_i for 1≤i≤n and undefined elsewhere.

An (unknowns-)substitution θ is a finite partial function from unknowns 𝕏 to terms such that if θ(X) is defined then θ(X) = [a_i:A_i]_i r for some r with fa(r) ⊆ {a_1, ..., a_n} (so fa(θ(X)) = ∅ for every X ∈ dom(θ)).

θ will range over unknowns-substitutions.

We write dom(θ), id, and [X_i:=s_i]_i^n just as for atoms-substitutions (we will be most interested in the case that n = 1).

We also reflect Definition 2.16 and write fa(σ) and fu(θ), but using the notions of 'free atoms' and 'free unknowns' from Definition 5.6. The definition is formally identical:

fa(σ) = dom(σ) ∪ ⋃{fa(σ(a)) | a ∈ dom(σ)}   and
fu(θ) = dom(θ) ∪ ⋃{fu(θ(X)) | X ∈ dom(θ)}

Definition 5.11. Define substitution actions rσ and rθ by the rules in Figure 7.

Remark 5.12. The capture-avoidance side-conditions of Definition 5.11 (of the form 'c ∉ fa(σ)' or 'Y ∉ fu(θ)') can be guaranteed by α-renaming.

Strictly speaking the case of (X@(r_i)_i^n)θ introduces a partiality into the notion of substitution action; we assume that θ(X) = [a_i:A_i]_i^m s' and for this to make sense it must be that n = m; if n ≠ m then the definition is not well-defined. However, for well-typed syntax this is guaranteed not to happen, and since this is the only case we will care about, we will never notice this.
Cσ = C                                    aσ = σ(a)                         (a ∈ dom(σ))
(rs)σ = (rσ)(sσ)                          aσ = a                            (a ∉ dom(σ))
(X@(r_i)_i)σ = X@(r_iσ)_i                 (λc:A.r)σ = λc:A.(rσ)             (c ∉ fa(σ))
(let Y=s in r)σ = let Y=sσ in rσ          ([a_i:A_i]r)σ = [a_i:A_i](rσ)     (a_i ∉ fa(σ) all i)

Cθ = C                                    aθ = a
(rs)θ = (rθ)(sθ)                          (X@(r_i)_i)θ = s'[a_i:=r_iθ]_i    (θ(X) = [a_i:A_i]s')
([a_i:A_i]r)θ = [a_i:A_i](rθ)             (X@(r_i)_i)θ = X@(r_iθ)_i         (X ∉ dom(θ))
(λc:A.r)θ = λc:A.(rθ)                     (let Y=s in r)θ = let Y=sθ in rθ  (Y ∉ fu(θ))

Figure 7: Substitution actions for atoms and unknowns (contextual syntax)



We conclude this section with some important definitions and results about the interaction of substitution and typing, which will be needed for Theorem 6.10.

Definition 5.13 reflects Definition 2.22, but we need Γ ⊢ σ as well as Γ ⊢ θ:

Definition 5.13. Write Γ ⊢ θ when if X ∈ dom(θ) then X:[A_i]A ∈ Γ for some [A_i]A and Γ ⊢ θ(X) : [A_i]A.

Similarly write Γ ⊢ σ when if a ∈ dom(σ) then a:A ∈ Γ for some A and Γ ⊢ σ(a) : A.

Lemma 5.14. fa(rθ) = fa(r) where rθ is defined.

Proof. By a routine induction on r using our assumption of Definition 5.10 that if X ∈ dom(θ) then fa(θ(X)) = ∅. □

Lemma 5.15 reflects Lemma 4.1. However, unlike the case for the modal system, it is needed for Proposition 5.16/2.23 because the case of (X@(r_i))θ in Definition 5.11 triggers an atoms-substitution.

Lemma 5.15. Suppose Γ ⊢ r : A and Γ ⊢ σ. Then Γ ⊢ rσ : A.

Proof. By routine induction on the derivation of Γ ⊢ r : A. □

Proposition 5.16 reflects Proposition 2.23 and is needed for soundness of the denotation. The proof is significantly more complex, because of the atoms-substitution that can be introduced by the case of (X@(s_j))θ. This is handled in the proof below using Lemma 5.15.

Proposition 5.16. Suppose Γ ⊢ r : A and Γ ⊢ θ. Then Γ ⊢ rθ : A.

Proof. By a routine induction on the typing of r. We consider two cases:

• The case of ([]I). Suppose Γ, (b_j:B_j) ⊢ r : A and fa(r) ⊆ {b_j | j} so that Γ ⊢ [b_j:B_j]r : [B_j]A by ([]I). By inductive hypothesis Γ, (b_j:B_j) ⊢ rθ : A. By Lemma 5.14 fa(rθ) ⊆ {b_j | j}. We use ([]I) and the fact that ([b_j:B_j]r)θ = [b_j:B_j](rθ).

• The case of (Ext) for X ∈ dom(θ). Suppose Γ, X:[A_j]_j A ⊢ s_j : A_j for each 1≤j≤m so that by (Ext) Γ, X:[A_j]_j A ⊢ X@(s_j)_j : A. By inductive hypothesis Γ ⊢ s_jθ : A_j for each j. By assumption Γ ⊢ θ(X) : [A_j]_j A, which implies that θ(X) = [a_j:A_j]r' for some r' such that (a_j:A_j)_j ⊢ r' : A. By Lemma 5.15 Γ ⊢ r'[a_j:=s_jθ]_j : A. By the definitions (X@(s_j)_j)θ = r'[a_j:=s_jθ]_j, so we are done.

□
⟦𝔹⟧ = {⊤^M, ⊥^M}
⟦N⟧ = {0, 1, 2, ...}
⟦A→B⟧ = ⟦B⟧^{⟦A⟧}
⟦[A_i]_i^n A⟧ = {[a_i:A_i]_i^n r | ⊢ [a_i:A_i]_i^n r : [A_i]_i^n A} × ⟦A⟧^{∏_i ⟦A_i⟧}

Figure 8: Denotational semantics for CMTT types



⟦⊤⟧_ς = ⊤^M
⟦⊥⟧_ς = ⊥^M
⟦a⟧_ς = ς(a)
⟦λa:A.r⟧_ς = (x ∈ ⟦A⟧ ↦ ⟦r⟧_{ς[a:=x]})
⟦r'r⟧_ς = ⟦r'⟧_ς ⟦r⟧_ς
⟦[a_i:A_i]r⟧_ς = [a_i:A_i](rς_X) :: (λ(x_i ∈ ⟦A_i⟧)_i ↦ ⟦r⟧_{ς[a_i:=x_i]_i})
⟦X@(r_i)_i⟧_ς = tl(ς(X))(⟦r_i⟧_ς)_i
⟦let X=s in r⟧_ς = ⟦r⟧_{ς[X:=⟦s⟧_ς]}
⟦isapp_A⟧_ς ([a_i:A_i](r'r)) = ⊤^M
⟦isapp_A⟧_ς ([a_i:A_i](r)) = ⊥^M              otherwise

Figure 9: Denotational semantics for terms of the contextual system



We could now give a theory of reduction for the contextual system, following the defini- 
tion of reduction for the modal system in Subsection 4.3. However, we will skip over this; 
the interested reader is referred elsewhere [NP05]. What is more interesting, from the point 
of view of this paper, is the models we define for the contextual system, which we come to 
next. 



6. Contextual models 

6.1. Denotational semantics 

Definition 6.1 is like Definition 3.1, except that instead of box types, we have contextual types:

Definition 6.1. Define ⟦A⟧, the interpretation of types, by induction in Figure 8.

Definition 6.2. A valuation ς is a finite partial function on 𝔸 ∪ 𝕏. We define ς[X:=x] and ς[a:=x] just as in Definition 3.7.

Definition 6.3. Write ς_X for the substitution (Definition 5.10) such that ς_X(X) = hd(ς(X)) if ς(X) is defined, and ς_X(X) is undefined if ς(X) is undefined.

Definition 6.4. If Γ is a typing context then write Γ ⊢ ς when:

1. dom(Γ) = dom(ς).

2. If a ∈ dom(ς) then Γ(a) = A for some A and ς(a) ∈ ⟦A⟧.

3. If X ∈ dom(ς) then Γ(X) = [A_i]A and ς(X) ∈ ⟦[A_i]A⟧.
Remark 6.5. Unpacking Definition 6.1, clause 3 of Definition 6.4 (the one for X) means that hd(ς(X)) = [a_i:A_i]r' and ⊢ [a_i:A_i]r' : [A_i]A. Following the typing rules of Figure 6, this is equivalent to

(a_i:A_i)_i ⊢ r' : A.

Definition 6.6. For each constant C : A other than ⊤, ⊥, and isapp fix some interpretation C^M which is an element C^M ∈ ⟦A⟧. Suppose Γ ⊢ ς and Γ ⊢ r : A.

An interpretation of terms ⟦r⟧_ς is defined in Figure 9.

Remark 6.7. Definition 6.6 is in the same spirit as Definition 3.11, but now the modal types are contextual; the modal box contains a context a_1:A_1, ..., a_n:A_n. When we calculate ⟦X@(r_i)_i^n⟧_ς, the denotation of X@(r_i)_i^n, the denotations of the terms r_i provide denotations for the variables in that context.

Lemma 6.8. If Γ ⊢ ς then Γ ⊢ ς_X.

Proof. If X ∉ dom(ς) then X ∉ dom(ς_X).

Suppose X ∈ dom(ς). By Definition 6.3 ς_X(X) = hd(ς(X)). By Definition 6.4 ς(X) ∈ ⟦[A_i]_i^n A⟧ for some [A_i]_i^n A. Unpacking Figure 8 this implies that ς_X(X) = [a_i:A_i]_i^n r for some ⊢ [a_i:A_i]_i^n r : [A_i]_i^n A, and we are done. □

Lemma 6.9. Suppose Γ ⊢ r : A and Γ ⊢ ς. Then Γ|_𝔸 ⊢ rς_X : A.

Proof. By Lemma 6.8 Γ ⊢ ς_X. By Proposition 5.16 Γ ⊢ rς_X : A. By Lemma 5.14 fa(rς_X) = fa(r). It is a fact that fa(r) ⊆ dom(Γ|_𝔸), so by Proposition 2.13 Γ|_𝔸 ⊢ rς_X : A as required. □



Theorem 6.10 (Soundness). If Γ ⊢ r : A and Γ ⊢ ς then ⟦r⟧_ς ∈ ⟦A⟧.

Proof. By induction on the derivation of Γ ⊢ r : A. Most of the rules follow by properties of sets and functions. We consider the interesting cases:

• Rule ([]I). Suppose Γ, (a_i:A_i)_i^n ⊢ r : A so that by ([]I) Γ ⊢ [a_i:A_i]r : [A_i]A. Suppose fa(r) ⊆ {a_1, ..., a_n} and Γ ⊢ ς. Using Lemma 6.9 ⊢ [a_i:A_i](rς_X) : [A_i]A.

Suppose x_i ∈ ⟦A_i⟧ for 1≤i≤n. By Definition 6.4

Γ, (a_i:A_i)_i^n ⊢ ς[a_i:=x_i]_i^n

so by inductive hypothesis for the derivation of Γ, (a_i:A_i)_i^n ⊢ r : A it follows that

⟦r⟧_{ς[a_i:=x_i]_i^n} ∈ ⟦A⟧.

Now this was true for arbitrary x_i and it follows from Definition 6.1 that ⟦[a_i:A_i]r⟧_ς ∈ ⟦[A_i]A⟧ as required.

• Rule ([]E). Suppose Γ, X:[A_i]A ⊢ r : B and Γ ⊢ s : [A_i]A so that by ([]E) Γ ⊢ let X=s in r : B.

Suppose Γ ⊢ ς. By inductive hypothesis for Γ ⊢ s : [A_i]A we have ⟦s⟧_ς ∈ ⟦[A_i]A⟧.

It follows by Definition 6.4 that Γ, X:[A_i]A ⊢ ς[X:=⟦s⟧_ς] so by inductive hypothesis for Γ, X:[A_i]A ⊢ r : B we have ⟦r⟧_{ς[X:=⟦s⟧_ς]} ∈ ⟦B⟧. We now observe by Definition 6.6 that

⟦let X=s in r⟧_ς = ⟦r⟧_{ς[X:=⟦s⟧_ς]} ∈ ⟦B⟧.

• Rule (Ext). Suppose Γ, X:[A_i]_i^n A ⊢ r_i : A_i for 1≤i≤n so that by (Ext) Γ, X:[A_i]_i^n A ⊢ X@(r_i)_i^n : A.

By inductive hypothesis for the typings Γ, X:[A_i]_i^n A ⊢ r_i : A_i we have ⟦r_i⟧_ς ∈ ⟦A_i⟧ for 1≤i≤n.

Suppose Γ, X:[A_i]A ⊢ ς. By Definitions 6.4 and 6.6 this means that ς(X) = ([a_i:A_i]r') :: f for some ⊢ [a_i:A_i]r' : [A_i]A and some f ∈ (∏_{i=1}^n ⟦A_i⟧)→⟦A⟧. It follows that f(⟦r_i⟧_ς)_i ∈ ⟦A⟧ as required.

• Rule (Hyp). Suppose Γ, a:A ⊢ ς. By Definition 6.4 this means that ς(a) ∈ ⟦A⟧. By Definition 6.6 ⟦a⟧_ς = ς(a). The result follows.

• Rule (→I). Suppose Γ, a:A ⊢ r : B so that by (→I) Γ ⊢ λa:A.r : A→B. Suppose Γ ⊢ ς and choose any x ∈ ⟦A⟧. It follows that Γ, a:A ⊢ ς[a:=x] and so by inductive hypothesis that ⟦r⟧_{ς[a:=x]} ∈ ⟦B⟧.

Since x ∈ ⟦A⟧ was arbitrary, by Definition 6.6 we have that

⟦λa:A.r⟧_ς = (x ∈ ⟦A⟧ ↦ ⟦r⟧_{ς[a:=x]}) ∈ ⟦A→B⟧.

□

Corollary 6.11. 1. There is no term s such that ∅ ⊢ s : (N→N)→[](N→N) is typable and such that the map λx∈N^N. hd(⟦s⟧ x) ∈ hd(⟦[](N→N)⟧)^{⟦N→N⟧} is injective.
2. There is no term s such that ⊢ s : (N→N)→[N]N is typable and such that the map λx∈N^N. hd(⟦s⟧ x) ∈ hd(⟦[N]N⟧)^{⟦N→N⟧} is injective.

Proof. hd⟦[](N→N)⟧ and hd⟦[N]N⟧ are both countable sets whereas ⟦N→N⟧ = N^N is uncountable. □

6.2. Typings and denotations in the contextual system 

The examples from Subsection 2.3 transfer to the contextual system if we translate □- to []- and -@ to -@() (cf. Remark 5.5). So the reader can look to Subsection 2.3 for some simpler examples.

We now consider some slightly more advanced ideas. 

6.2.1. Moving between [A]B and [](A→B)

We can move between the types [A]B and [](A→B) using terms f : [A]B→[](A→B) and g : [](A→B)→[A]B defined as follows:

∅ ⊢ f = λc:[A]B.let X=c in []λa:A.X@(a) : [A]B→[](A→B)
∅ ⊢ g = λc:[](A→B).let X=c in [a:A]((X@())a) : [](A→B)→[A]B

It is routine to check that the typings above are derivable using the rules in Figure 6. Intuitively we can write the following:

• f maps [a:A]r to []λa:A.r.

• g maps []λa:A.r to [a:A]((λa:A.r)a) (so g introduces a β-redex).

This can be made formal as follows:

hd⟦f([a:A]r)⟧_ς = []λa:A.(rς_X)   and   hd⟦g([]λa:A.r)⟧_ς = [a:A]((λa:A.(rς_X))a).

The fact that g introduces a β-redex reflects the fact that we have given our language facilities to build up syntax, but not to destroy it. We can build a precise inverse to f if we give ourselves an explicit destructor for λ-abstraction.

So for instance, we can give ourselves option types and then admit a constant symbol match_lam : [](A→B)→option([A]B) with intended behaviour as follows:

match_lam ([]λa:A.r) = some([a:A]r)
match_lam (r) = none otherwise

Using match_lam we could map from [](A→B) to [A]B in a manner that is inverse to f.

6.2.2. The example of exponentiation, revisited

Recall from Subsection 2.3.4 the discussion of exponentiation and how in the modal system the natural term to meta-program exponentiation introduced β-redexes.

The following term implements exponentiation:

exp 0 ⇒ [b:N]1
exp (succ n) ⇒ let X=exp n in [b:N](b * (X@(b)))

This term does not generate β-redexes in the way we noted of the corresponding term from Subsection 2.3.4. For instance,

hd⟦exp 2⟧ = [b:N](b*b*1).

Compare this with Subsection 3.3.4.

Think of the [b:N] in [b:N]r as a 'translucent lambda', and think of X@(r_i) as a corresponding application. We can use these to carry out computation (a rather weak computation; just a few substitutions as formalised in the clause for X@(r_i)_i in Figure 7), but this computation occurs inside a modality, which we could not do with an ordinary λ-abstraction.

Now might be a good moment to return to the clause for [a_i:A_i]r in Figure 9:

⟦[a_i:A_i]r⟧_ς = [a_i:A_i](rς_X) :: (λ(x_i ∈ ⟦A_i⟧)_i ↦ ⟦r⟧_{ς[a_i:=x_i]_i})

We see the λ-abstraction in the semantics, and we also see its 'translucency': the λ-abstraction appears in the extension, but is also associated with a non-functional intension.

We do not promote this language directly as a practical programming language, any more than one would promote the pure λ-calculus. We should add constants for the operations we care about. The point is that in this language, there are things we can do using the modal types that cannot be expressed directly in the pure λ-calculus, no matter how many constants we might add.
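The following Python code is added here as an illustration and is not part of the paper: it implements the two substitution actions of Figure 7 and the contextual-box clause of Figure 9 for the fragment that exp needs, then computes hd⟦exp n⟧ (the syntax, obtained purely by the 'translucent application' clause for X@(r_i)) together with its extension. The term constructors, `Pair`, and the function names are constructed for this example; bound atoms are assumed fresh for the substitution, as in the paper's side conditions.

```python
from dataclasses import dataclass

# Constructed syntax for the fragment of Definition 5.4 that exp needs: numerals, atoms,
# *, the contextual box [a_1:N, ..., a_n:N]r (every context type is N here),
# X@(r_1, ..., r_n) and let.  Pair is an element of ⟦[A_i]A⟧: syntax :: extension.
@dataclass(frozen=True)
class Num: n: int
@dataclass(frozen=True)
class Var: a: str                          # an atom
@dataclass(frozen=True)
class Times: l: object; r: object          # l * r
@dataclass(frozen=True)
class CBox: ctx: tuple; r: object          # [a_i:N]_i r, ctx = bound atoms in order
@dataclass(frozen=True)
class Ext: X: str; args: tuple             # X@(r_i)_i
@dataclass(frozen=True)
class Let: X: str; s: object; r: object    # let X = s in r, X bound in r
@dataclass(frozen=True)
class Pair: hd: object; tl: object         # hd is syntax, tl a Python function

def subst_atoms(t, sigma):
    """rσ (left column of Figure 7); a bound atom shadows σ, which stands in for
    the paper's freshness side condition."""
    if isinstance(t, Var):
        return sigma.get(t.a, t)
    if isinstance(t, Times):
        return Times(subst_atoms(t.l, sigma), subst_atoms(t.r, sigma))
    if isinstance(t, Ext):
        return Ext(t.X, tuple(subst_atoms(r, sigma) for r in t.args))
    if isinstance(t, CBox):
        inner = {a: s for a, s in sigma.items() if a not in t.ctx}
        return CBox(t.ctx, subst_atoms(t.r, inner))
    if isinstance(t, Let):
        return Let(t.X, subst_atoms(t.s, sigma), subst_atoms(t.r, sigma))
    return t

def subst_unknowns(t, theta):
    """rθ (right column of Figure 7); θ maps X to a box [a_i:A_i]s'. The clause
    (X@(r_i)_i)θ = s'[a_i:=r_iθ]_i is the 'translucent application'."""
    if isinstance(t, Ext):
        args = tuple(subst_unknowns(r, theta) for r in t.args)
        if t.X not in theta:
            return Ext(t.X, args)
        box = theta[t.X]
        if len(box.ctx) != len(args):      # the partiality noted in Remark 5.12
            raise ValueError("arity mismatch in X@(r_i)")
        return subst_atoms(box.r, dict(zip(box.ctx, args)))
    if isinstance(t, Times):
        return Times(subst_unknowns(t.l, theta), subst_unknowns(t.r, theta))
    if isinstance(t, CBox):
        return CBox(t.ctx, subst_unknowns(t.r, theta))
    if isinstance(t, Let):
        inner = {X: b for X, b in theta.items() if X != t.X}   # X bound in t.r
        return Let(t.X, subst_unknowns(t.s, theta), subst_unknowns(t.r, inner))
    return t

def denote(t, val):
    """⟦t⟧_ς for this fragment, following Figure 9: a box denotes the pair
    [a_i:N](rς_X) :: (x_i ↦ ⟦r⟧_{ς[a_i:=x_i]}), and X@(r_i) applies tl(ς(X))."""
    if isinstance(t, Num):
        return t.n
    if isinstance(t, Var):
        return val[t.a]
    if isinstance(t, Times):
        return denote(t.l, val) * denote(t.r, val)
    if isinstance(t, Ext):
        return val[t.X].tl(*[denote(r, val) for r in t.args])
    if isinstance(t, CBox):
        sigma_X = {X: v.hd for X, v in val.items() if isinstance(v, Pair)}
        def extension(*xs, body=t.r, ctx=t.ctx):
            return denote(body, {**val, **dict(zip(ctx, xs))})
        return Pair(CBox(t.ctx, subst_unknowns(t.r, sigma_X)), extension)
    if isinstance(t, Let):
        return denote(t.r, {**val, t.X: denote(t.s, val)})
    raise TypeError(f"unknown term {t!r}")

def exp_term(n):
    """exp n from Subsection 6.2.2, unrolled for a concrete n:
    exp 0 = [b:N]1 and exp (succ n) = let X=exp n in [b:N](b * (X@(b)))."""
    t = CBox(("b",), Num(1))
    for _ in range(n):
        t = Let("X", t, CBox(("b",), Times(Var("b"), Ext("X", (Var("b"),)))))
    return t

def show(t):
    """Render syntax the way the paper writes it, e.g. [b:N](b*(b*1))."""
    if isinstance(t, Num): return str(t.n)
    if isinstance(t, Var): return t.a
    if isinstance(t, Times): return f"({show(t.l)}*{show(t.r)})"
    if isinstance(t, CBox): return "[" + ", ".join(f"{a}:N" for a in t.ctx) + "]" + show(t.r)
    if isinstance(t, Ext): return t.X + "@(" + ", ".join(show(r) for r in t.args) + ")"
    return f"let {t.X}={show(t.s)} in {show(t.r)}"

if __name__ == "__main__":
    d = denote(exp_term(2), {})
    print(show(d.hd), "  extension at 3:", d.tl(3))   # [b:N](b*(b*1))   extension at 3: 9
```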
6.2.3. Syntax to denotation

There is a schema of unpack programs, parameterised over (a_i:A_i)_i^n, which evaluates syntax with n free atoms:

unpack = λb:[A_i]_i^n B.let X=b in λ(a_i:A_i)_i^n.X@(a_i)_i : [A_i]_i^n B→(A_i)_i^n→B

We can express the following connection between unpack (which is a term) and tl (which is a function on denotations):

Lemma 6.12. Suppose Γ ⊢ [a_i:A_i]s : [A_i]A and Γ ⊢ ς. Then

⟦unpack [a_i:A_i]s⟧_ς = tl(⟦[a_i:A_i]s⟧_ς).

Proof. By long but routine calculations unpacking Figure 9. □

As an aside, note that if we have diverging terms ω_i : A_i then we can combine this with unpack to obtain a term ⊢ λa:[A_i]A.unpack a (ω_i)_i : [A_i]A→A. In a call-by-name evaluation strategy, this loops forever if evaluation tries to refer to one of the (diverging) arguments.

6.2.4. Modal-style axioms

As in Subsection 2.3.1 we can write functions corresponding to axioms from the necessity fragment of S4:

T = λa:[]A.let X=a in X@()                         : []A→A
4 = λx.let X=x in [][]X@()                         : []A→[][]A
K = λf.λx.let F=f in let X=x in [](F@() X@())      : [](A→B)→[]A→[]B

(Of course, T is just a special case of unpack above.)

6.2.5. More general contexts

Versions of the terms 4 and K exist for non-empty contexts. For example, we can have a schema of 4_Γ axioms, for any context Γ:

4_Γ = λx:[Γ]A.let X=x in [][Γ]X@(id_Γ) : [Γ]A→[][Γ]A

Here and below we abuse notation by putting [Γ] in the type; we intend the types in Γ, with the variables removed.

Above, id_Γ is the identity substitution defined inductively on Γ by

id_· = ·   and   id_{Γ,x:A} = id_Γ, x.

Note that the terms realising 4_Γ are not uniform, because the substitution id_Γ is not a term in the language; it is a meta-level concept, producing different syntax depending on Γ. Similarly, we have a schema of K_Γ terms:

K_Γ = λf.λx.let F=f in let X=x in [Γ](F@id_Γ X@id_Γ) : [Γ](A→B)→[Γ]A→[Γ]B

... and terms exposing the structural rules of contexts:

weaken_{Γ1,Γ2} = λz.let Z=z in [Γ1,Γ2](Z@(id_{Γ1}))   : [Γ1]A→[Γ1,Γ2]A
contract_B = λz.let Z=z in [x:B](Z@(x, x))           : [B,B]A→[B]A
exchange_{B,C} = λz.let Z=z in [y:C, x:B](Z@(x, y))  : [B,C]A→[C,B]A

We give weaken in full generality and then for brevity contract and exchange only for two-element contexts. If we think in terms of multimodal logic [GKWZ03] these terms 'factor', 'fuse', and 'rearrange' contexts/modalities.
tl(x) ∈ ⟦A⟧ is shapely     x = ⟦hd(x)⟧ 
--------------------------------------- (Shape[]) 
        x ∈ ⟦[]A⟧ is shapely 

∀y ∈ ⟦B⟧. y is shapely ⇒ xy ∈ ⟦A⟧ is shapely 
--------------------------------------------- (ShapeFun) 
          x ∈ ⟦B→A⟧ is shapely 

-------------------- (ShapeB)      -------------------- (ShapeN) 
x ∈ ⟦B⟧ is shapely                 x ∈ ⟦N⟧ is shapely 

Figure 10: Shapeliness 



7. Shapeliness 

We have seen semantics to both the modal and contextual type systems. We have also 
noted that, like function-spaces, our semantics inflates. We discussed why in Remark 3.5 and 
Subsection 3.3.3. 

In this section we delve deeper into the fine structure of the denotation to isolate a prop- 
erty of those parts of the denotation that can be described by syntax (Definition 7.1). This is 
an attractive well-formedness / well-behavedness property in its own right, and furthermore, 
we can exploit it to strengthen Corollaries 3.15 and 6.11 (see Corollary 7.7). 

Definition 7.1. Define the shapely x ∈ ⟦A⟧ inductively by the rules in Figure 10. 
Call ς shapely when: 

• ς(X) is shapely for every X ∈ dom(ς). 

• ς(a) is shapely for every a ∈ dom(ς). 

Intuitively, x is shapely when, if it is intensional (so x is in some ⟦[Aᵢ]A⟧) then the intension 
hd(x) and the extension tl(x) match up. In particular, this means that elements in ⟦B⟧, 
⟦N⟧, or ⟦N→N⟧ are automatically shapely. Conversely, x is not shapely if it has an intension 
and an extension and they do not match up. The paradigmatic non-shapely element is 
[]0 :: 1, since the intension 'the syntax 0' does not match the extension 'the number 1'. 

Lemma 7.2. 1. If x ∈ ⟦B→A⟧ is shapely and y ∈ ⟦B⟧ is shapely, then so is xy ∈ ⟦A⟧. 

2. If x ∈ ⟦[Aᵢ]A⟧ is shapely then x = ⟦hd(x)⟧. 

3. Every f ∈ ℕ^ℕ is shapely. 

Proof. The first two parts follow from the form of the inductive definition in Figure 10. The 
third part is a simple application of (ShapeFun), noting that by (ShapeN) every n ∈ ℕ is 
shapely. □ 

We can combine Lemmas 7.2 and 6.12 to get a nice corollary of shapeliness (unpack is 
from Subsection 6.2.3): 

Corollary 7.3. If x ∈ ⟦[Aᵢ]A⟧ is shapely then tl(x) = ⟦unpack hd(x)⟧. 

Proof. Suppose x ∈ ⟦[Aᵢ]A⟧ is shapely, so that by part 2 of Lemma 7.2 x = ⟦hd(x)⟧. We 
apply tl to both sides and use Lemma 6.12. □ 
Lemma 7.4. Suppose Γ, X:[Bᵢ]B ⊢ r : A, Γ ⊢ [aᵢ:Bᵢ]s : [Bᵢ]B, and Γ ⊢ ς. Then 

⟦r[X:=[aᵢ:Bᵢ]s]⟧_ς = ⟦r⟧_{ς,[X:=⟦[aᵢ:Bᵢ]s⟧_ς]}. 

Proof. By a routine induction on the derivation of Γ ⊢ r : A, similar to the proof of Lemma 4.7. 
□ 

Corollary 7.5. Suppose Γ ⊢ r : A, Γ ⊢ ς, and ς is shapely. Then ⟦r⟧_ς = ⟦rς|_X⟧_{ς|_A}. 

Proof. First, we note that the effect of ς|_X can be obtained by concatenating [X:=hd(ς(X))] 
for every X ∈ fu(r). The order does not matter because by construction hd(ς(X)) is closed 
syntax (no free variables). Furthermore since ς is shapely ς(X) = ⟦hd(ς(X))⟧ so we can 
write ς as 

ς|_A ∪ [X:=⟦hd(ς(X))⟧_ς | X ∈ dom(ς)], 

where here [X:=x_X | X ∈ 𝒳] is the map taking X to x_X for every X ∈ 𝒳.¹⁵ We now use 
Lemma 7.4 for [X:=ς(X)] for each X ∈ fu(r), and Proposition 5.9. □ 

Proposition 7.6. Suppose Γ ⊢ r : A and suppose Γ ⊢ ς. Then if ς is shapely then so is ⟦r⟧_ς. 

Proof. By induction on the typing Γ ⊢ r : A (Figure 6). 

• The case of (Hyp) is immediate because by assumption ς(a) is shapely. 

• The case of (Const) is also immediate (provided that all semantics for constants are 
shapely). 

• The case of (→I). Suppose Γ, a:A ⊢ r : B so that by (→I) Γ ⊢ λa:A.r : A→B. Suppose 
x ∈ ⟦A⟧ is shapely. Then so is ς[a:=x] and by inductive hypothesis so is ⟦r⟧_{ς[a:=x]}. It 
follows by (ShapeFun) that 

⟦λa:A.r⟧_ς = (x ∈ ⟦A⟧ ↦ ⟦r⟧_{ς[a:=x]}) 

is shapely. 

• The case of (→E). Suppose Γ ⊢ r' : A→B and Γ ⊢ r : A so that by (→E) Γ ⊢ r'r : B. 
By inductive hypothesis ⟦r'⟧_ς and ⟦r⟧_ς are both shapely. By part 1 of Lemma 7.2 so is 

⟦r'r⟧_ς = ⟦r'⟧_ς ⟦r⟧_ς. 

• The case of ([]I). Suppose Γ, (aᵢ:Aᵢ) ⊢ r : A and fa(r) ⊆ {aᵢ} so that by ([]I) Γ ⊢ 
[aᵢ:Aᵢ]r : [Aᵢ]A. 

By inductive hypothesis ⟦r⟧_{ς'} is shapely for every shapely ς' such that Γ, (aᵢ:Aᵢ) ⊢ ς', 
and it follows that tl⟦[aᵢ:Aᵢ]r⟧_ς = ⟦λ(aᵢ:Aᵢ).r⟧_ς is shapely. 
Also unpacking definitions 

hd⟦[aᵢ:Aᵢ]r⟧_ς = [aᵢ:Aᵢ](rς|_X). 

So it suffices to verify that ⟦[aᵢ:Aᵢ]r⟧_ς = ⟦[aᵢ:Aᵢ](rς|_X)⟧. This follows from Corollary 7.5. 

□ 



¹⁵ Strictly speaking we also need a version of Proposition 4.3 for the contextual system; this is not hard. 
Corollary 6.11 proved that denotations cannot be reified to syntax in general, by general 
arguments on cardinality. But our denotational semantics is inflated; ⟦[](A→B)⟧ and ⟦A→B⟧ 
have the same cardinality even if hd(⟦[](A→B)⟧) and ⟦A→B⟧ do not. Corollary 7.7 tells us 
that we cannot in general even reify denotation to the 'inflated' denotations, even if they are 
large enough. In this sense, inflation is 'not internally detectable': 

Corollary 7.7. 1. There is no term s such that ⊢ s : (N→N)→[](N→N) is typable and such 
that ⟦s⟧ ∈ ⟦[](N→N)⟧^⟦N→N⟧ is injective. 
2. There is no term s such that ⊢ s : (N→N)→[N]N is typable and such that ⟦s⟧ ∈ 
⟦[N]N⟧^⟦N→N⟧ is injective. 

Proof. By Proposition 7.6 ⟦s⟧ is shapely, so by part 1 of Lemma 7.2 it maps shapely elements 
of ℕ^ℕ = ⟦N→N⟧ to shapely elements of ⟦[](N→N)⟧ / ⟦[N]N⟧. By part 3 of Lemma 7.2 and 
the fact that ℕ^ℕ is uncountable, the number of shapely elements of ℕ^ℕ is uncountable. By 
part 2 of Lemma 7.2 and the fact that syntax is countable, the number of shapely elements of 
⟦[](N→N)⟧ and ⟦[N]N⟧ is countable. The result follows. □ 

It is clear that part 1 of Corollary 7.7 can be directly adapted to the modal system from 
Section 2. 

8. □ as a (relative) comonad 

We noted as early as Remark 2.14 that □ looks like a comonad. In this section, we show 
that this is indeed the case. 

Before doing this, we would like to convince the reader that this is obviously impossible. 

True, we have natural maps □A → A (evaluation) and □A → □□A (quotation). However, 
if □ is a comonad then it has to be a functor on some suitable category, so we would 
expect some natural map in (A→B) → (□A→□B). This seems unlikely because if we had 
this, then we could take A to be a unit type (populated by one element) and B = (N→N) 
and thus generate a natural map from N→N to □(N→N). But how would we do this in the 
light of Corollaries 6.11 and 7.7? Even where closed syntax exists for a denotation, 
there may be many different choices of closed syntax to represent the same denotation, 
further undermining our chances of finding natural assignments. '□ as a comonad' seems 
doomed. 

This problem is circumvented by the 'trick' of considering a category in which each de- 
notation must be associated with syntax; we do not insist that the syntax and denotation 
match. This is essentially the same idea as inflation in Remark 3.2 (but applied in the other 
direction; in Remark 3.2 we inflated by adding a purported denotation to every syntax; here 
we are inflating by adding a purported syntax to every denotation). In the terminology of 
Definition 7.1 we can say that we do not insist on shapeliness. We simply insist that some 
syntax be provided. 

Modulo this 'trick', □ becomes a well-behaved comonad after all. 

8.1. □ as a comonad 

Notation 8.1. Write π₁ for first projection and π₂ for second projection. 
That is, π₁(x, y) = x and π₂(x, y) = y. 
Definition 8.2. Suppose f ∈ ⟦□B⟧^⟦□A⟧. Define a function □f ∈ ⟦□□B⟧^⟦□□A⟧ by sending 

□□s :: x to □π₁(f(□s :: ⟦s⟧)) :: f(x) 

where x ∈ ⟦□A⟧ and s : A. 

Remark 8.3. It may be useful to unpack what □f does. Suppose 

f(□r :: x) = □r' :: x' and f(□s :: y) = □s' :: y' 

where x ∈ ⟦A⟧ and y = ⟦s⟧. Then □f sends □□s :: □r :: x to □□s' :: □r' :: x'. 
Definition 8.4. Define a category 𝒥 by: 

• Objects are types A.¹⁶ 

• Arrows from A to B are functions from ⟦□A⟧ to ⟦□B⟧ (not from ⟦A⟧ to ⟦B⟧; as promised 
above, some syntax must be provided). 

Composition of arrows is given by composition of functions. 

Definition 8.5. Define an endofunctor □ on 𝒥 mapping 

• an object A to the type □A and 

• an arrow f : A → B to □f : □A → □B from Definition 8.2. 

So □ is a type-former acting on types and □ is also a functor acting on objects and arrows. Objects 
happen to be types, and □ acts on objects just by prepending a □. Arrows are functions on 
sets, and the action of □ on these functions is more complex, as defined above. 

Definition 8.6. • Write id_A for the identity on ⟦□A⟧ for each A. 

• Write δ_A for the arrow from □A to A given by the function mapping ⟦□□A⟧ to ⟦□A⟧ 
taking □□r :: x to x (where x ∈ ⟦□A⟧). This will be the counit of our comonad. 

• Write ε_A for the arrow from □A to □□A given by the function mapping ⟦□□A⟧ to 
⟦□□□A⟧ taking □□r :: x to □□□r :: □□r :: x (where x ∈ ⟦□A⟧). This will be the 
comultiplication of our comonad. 

Lemma 8.7. □ from Definition 8.5 is a functor. 

Proof. It is routine to verify that □id_A = id_{□A} and if f : A → B and g : B → C then 

□g ∘ □f = □(g ∘ f). □ 

Lemma 8.8. • δ_A is a natural transformation from □ to id_𝒥 (the identity functor on 𝒥). 

• ε_A is a natural transformation from □ to □□. 

Proof. Suppose f : A → B. For the first part, we need to check that f ∘ δ_A = δ_B ∘ □f. This is 
routine: 

(f ∘ δ_A)(□□r :: x) = f(x) and 

(δ_B ∘ □f)(□□r :: x) = π₂(□π₁(f(□r :: ⟦r⟧)) :: f(x)) = f(x) 

The second part is similar and no harder. □ 



¹⁶ The reader might prefer to take objects to be ⟦A⟧. This is fine; the assignment A ↦ ⟦A⟧ is injective, so it 
makes no difference whether we take objects to be A or ⟦A⟧. 
Note that □δ_A is an arrow from □□A to □A. 

Lemma 8.9. □δ_A maps □□□s :: □□r :: x ∈ ⟦□□□A⟧ to □□s :: x ∈ ⟦□□A⟧. 

Proof. By a routine calculation on the definitions: 

□δ_A(□□□s :: □□r :: x) = □π₁(δ_A(□□s :: ⟦□s⟧)) :: δ_A(□□r :: x)    Definition 8.2 

                       = □π₁(π₂(□□s :: ⟦□s⟧)) :: x                Definition 8.6 

                       = □π₁(⟦□s⟧) :: x                           Definition 8.6 

                       = □□s :: x                                 Figure 4 

□ 

Proposition 8.10. □ is a comonad. 

Proof. We need to check that 

• □ε_A ∘ ε_A = ε_{□A} ∘ ε_A and 

• δ_{□A} ∘ ε_A = id_{□A} = □δ_A ∘ ε_A. 

Both calculations are routine. We consider just the second one. Consider □□s :: □r :: x ∈ 
⟦□□A⟧. Then 

(δ_{□A} ∘ ε_A)(□□s :: □r :: x) = δ_{□A}(□□□s :: □□s :: □r :: x) 

                               = □□s :: □r :: x 

(□δ_A ∘ ε_A)(□□s :: □r :: x) = □δ_A(□□□s :: □□s :: □r :: x) 

                              = □□s :: □r :: x 

In both cases the outermost syntax □□□s added by ε_A is the part that gets 'deleted'. In the second case we use Lemma 8.9. □ 
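The inflated reading of □A as 'closed syntax paired with a purported denotation' can be checked on concrete elements: shapeliness (Definition 7.1, Lemma 7.2 part 2), the functorial action □f (Definition 8.2), the counit δ_A and comultiplication ε_A (Definition 8.6), and the comonad laws of Proposition 8.10. The following Python block is an added example and not code from the paper. It models closed syntax as a constructed toy with only numerals and quotation, represents an element □r :: x of ⟦□A⟧ as a pair, and checks the three comonad laws both on the shapely element ⟦□□2⟧ and on a non-shapely element built from □0 :: 1. The names Boxed, denote, shapely, box_map, counit, comult, comonad_laws_hold and summary are my own, not the paper's notation; the laws hold either way, which is exactly the point of not insisting on shapeliness.

```python
"""Toy model of the inflated denotation of box types (added example, not the
paper's own code).  Closed syntax is a constructed toy: numerals and quotation."""
from dataclasses import dataclass
from typing import Any, Callable, Tuple

# Toy closed syntax (constructed for this example):
#   ("num", n)  a numeral of type N
#   ("box", s)  the quotation □s of the closed term s
Term = Tuple[str, Any]


@dataclass(frozen=True)
class Boxed:
    """An element □r :: x of ⟦□A⟧: syntax r : A paired with a purported
    denotation x ∈ ⟦A⟧.  As in Remark 3.2, r and x are not required to match."""
    syntax: Term   # hd: the quoted term r (the leading □ is implicit)
    value: Any     # tl: the purported denotation x


def denote(s: Term) -> Any:
    """Toy version of ⟦s⟧ for closed syntax: ⟦n⟧ = n and ⟦□s⟧ = □s :: ⟦s⟧."""
    tag, payload = s
    if tag == "num":
        return payload
    if tag == "box":
        return Boxed(payload, denote(payload))
    raise ValueError(f"unknown syntax {s!r}")


def shapely(x: Any) -> bool:
    """Definition 7.1 in the toy: a boxed element is shapely iff its extension is
    the denotation of its intension, i.e. x = ⟦hd(x)⟧ (Lemma 7.2, part 2).
    Base-type elements (here: numbers) are shapely by (ShapeN)."""
    if isinstance(x, Boxed):
        # Structural equality recurses into nested boxes, so every level must match.
        return x.value == denote(x.syntax)
    return True


def box_map(f: Callable[[Boxed], Boxed]) -> Callable[[Boxed], Boxed]:
    """Definition 8.2: from f ∈ ⟦□B⟧^⟦□A⟧ build □f ∈ ⟦□□B⟧^⟦□□A⟧, sending
    □□s :: x to □π₁(f(□s :: ⟦s⟧)) :: f(x); π₁ reads off the syntax of f's result."""
    def boxed_f(e: Boxed) -> Boxed:
        tag, s = e.syntax                  # e.syntax is □s
        if tag != "box":
            raise ValueError("□f expects an element of ⟦□□A⟧")
        fresh = f(Boxed(s, denote(s)))     # f applied to the genuine ⟦□s⟧ = □s :: ⟦s⟧
        return Boxed(("box", fresh.syntax), f(e.value))
    return boxed_f


def counit(e: Boxed) -> Any:
    """δ_A of Definition 8.6: ⟦□□A⟧ → ⟦□A⟧, □□r :: x ↦ x (evaluation, like T)."""
    return e.value


def comult(e: Boxed) -> Boxed:
    """ε_A of Definition 8.6: ⟦□□A⟧ → ⟦□□□A⟧, □□r :: x ↦ □□□r :: □□r :: x (quotation, like 4)."""
    return Boxed(("box", e.syntax), e)


def comonad_laws_hold(e: Boxed) -> bool:
    """Proposition 8.10 checked on one element e ∈ ⟦□□A⟧ (a test, not a proof)."""
    counit_law = counit(comult(e)) == e                              # δ_{□A} ∘ ε_A = id
    box_counit_law = box_map(counit)(comult(e)) == e                 # □δ_A ∘ ε_A = id (Lemma 8.9)
    coassoc_law = box_map(comult)(comult(e)) == comult(comult(e))    # □ε_A ∘ ε_A = ε_{□A} ∘ ε_A
    return counit_law and box_counit_law and coassoc_law


# Constructed sample elements.
SHAPELY = denote(("box", ("box", ("num", 2))))            # ⟦□□2⟧ = □□2 :: □2 :: 2
NOT_SHAPELY = Boxed(("num", 0), 1)                         # □0 :: 1, the paradigmatic non-shapely element
NOT_SHAPELY_2 = Boxed(("box", ("num", 0)), NOT_SHAPELY)    # □□0 :: □0 :: 1 ∈ ⟦□□N⟧, still not shapely


def summary() -> dict:
    """Collects the checks so they can be inspected or asserted on."""
    return {
        "shapely_ok": shapely(SHAPELY),
        "nonshapely_detected": not shapely(NOT_SHAPELY),
        "laws_on_shapely": comonad_laws_hold(SHAPELY),
        "laws_on_nonshapely": comonad_laws_hold(NOT_SHAPELY_2),
    }


if __name__ == "__main__":
    for name, ok in summary().items():
        print(f"{name}: {ok}")
```

The design mirrors the paper's trick: box_map never inspects whether the value it is handed matches its syntax, it only demands that some syntax be present, so the laws go through on NOT_SHAPELY_2 just as on ⟦□□2⟧. Corollary 7.7 is about what terms of the language can denote, not about this set-level structure, which is why such a check cannot distinguish the two cases.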

8.2. □ as a relative comonad 

Recall that in the previous subsection we represented □ as a comonad on a category with 
the 'trick' of associating syntax to every denotation. 

It is possible to put this in a broader context using the notion of relative comonad. 

Definition 8.11. Following [ACU10], a relative comonad consists of the following information: 

• Two categories 𝒥 and 𝒞 and a functor J : 𝒥 → 𝒞.¹⁷ 

• A functor T : 𝒥 → 𝒞. 

• For every X ∈ 𝒥 an arrow δ_X : TX → JX ∈ 𝒞 (the unit). 

• For every X, Y ∈ 𝒥 and arrow k : TX → JY ∈ 𝒞, an arrow k* : TX → TY (the Kleisli 
extension). 

Furthermore, we insist on the following equalities: 

• If X, Y ∈ 𝒥 and k : X → Y ∈ 𝒥 then k = k* ∘ δ. 

• If X ∈ 𝒥 then δ_X* = id_{TX}. 

• If X, Y, Z ∈ 𝒥 and k : TX → JY and l : TY → JZ then l* ∘ k* = (l ∘ k)*. 

¹⁷ The clash with the 𝒥 from Definition 8.4 is deliberate: this is the only 𝒥 we will care about in this paper. The 
definition of relative comonad from [ACU10] is general in the source category. 

Definition 8.12. Take 𝒞 to have objects types A and arrows elements of ⟦B⟧^⟦A⟧ = ⟦A→B⟧; 
this is simply the natural category arising from the denotational semantics of Figure 3. 
Take 𝒥 to be the category of Definition 8.4. 

Take J to map A ∈ 𝒥 to □A ∈ 𝒞 and to map f ∈ ⟦□B⟧^⟦□A⟧ to itself. 

Take T to map A ∈ 𝒥 to □□A ∈ 𝒞 and to map f ∈ ⟦□B⟧^⟦□A⟧ to □f from Definition 8.2. 

Proposition 8.13. Definition 8.12 determines a relative comonad on 𝒞. 

It is slightly simplified, but accurate, to describe relative (co)monads as being for the case 
where we have an operator that is nearly (co)monadic but the category in question has 'too 
many objects'. By that view, □ is a comonad on the full subcategory of 𝒞 over modal types. 

Now the intuition of modal types □A is 'closed syntax', so it may be worth explicitly 
noting here that this full subcategory is not just a category of syntax. Each ⟦□A⟧ contains for 
each term ⊢ r : A also a copy of ⟦A⟧, because we inflate. 

9. Conclusions 

The intuition realised by the denotation of □A in this paper means 'typable closed syntax 
of the same language, of type A'. This is difficult to get right because it is self-referential; if we 
are careless then the undecidable runtime impinges on the inductively defined denotation. 
We noted this in Subsection 3.3.3. 

For that reason we realised this intuition by an 'inflated' reading of □A as 'closed syntax, 
and purported denotation of that syntax'. As noted in Remark 3.2, there is no actual 
restriction that □r :: x ∈ ⟦□A⟧ needs to match up, in that r must have denotation x. 

When r and x do match up we say that □r :: x is shapely. This is Definition 7.1, and we use 
this notion for our culminating result in Corollary 7.7, which entails that there is no uniform 
family of terms of type A→□A. 

The proof of this involves a beautiful interplay between syntax and denotation, which 
also illustrates the usefulness of denotational techniques; we can use a sound model to show 
that certain things cannot happen in the syntax, because if they did, they would have to 
happen in the model. 

Future work. One avenue for future work is to note that our denotation is sets-based, and so 
this invites generalisation to nominal sets semantics [GP01]. 

Perhaps we could leverage this to design a language which combines the simplicity of the 
purely modal system with the expressivity of contextual terms. Specifically, nominal sets are 
useful for giving semantics to open terms [GM11, Gab11] and we hope to develop a language 
in which we can retain the modal type system but relax the condition that fa(r) = ∅ in (□I) 
in Figure 1 (much as the contextual system does, but in the 'nominal' approach we would 
not add types to the modality). 

The underlying motivation here is that the contextual system is 'eager' in accounting for 
free variables — we need to express all the variables we intend to use in the contextual modal 
type, by putting their types in the modality. We might prefer to program on open syntax in 
a 'lazy' fashion, by stating that the syntax may be open, but not specifying its free variables 
explicitly in the type. 
Note that this is not the same thing as programming freely on open syntax. Free variables 
would still be accounted for in the typing context (leading to some form of dynamic linking 
as and when open syntax is unboxed and evaluated; for an example of a λ-calculus view of 
dynamic linking, though not meta-programming, see [AFZ03]). So all variables would be 
eventually accounted for in the typing context, but they would not need to be listed in the 
type. 

This is another reason for the specific design of our denotational semantics and taking the 
denotation of □A to be specifically closed syntax; we hope to directly generalise this using 
nominal techniques so that □A can also denote (atoms-)open syntax. This is future work. 

On the precise meaning of Corollary 7.7. Corollary 7.7 depends on the fact that we admitted no 
constants of type (N→N)→□(N→N). We may be able to admit such a constant, representing 
a function that takes a denotation and associates to it some 'dummy syntax' chosen in some 
fixed but arbitrary manner. 

So Corollary 7.7 does not (and should not) prove that terms of type (N→N)→□(N→N) 
are completely impossible, only that they do not arise from the base system and cannot 
exist unless we explicitly choose to put them in there. 

Technical notes on the jump in complexity from modal to contextual system. We noted in the intro- 
duction that Sections 2 and 5, and Sections 3 and 6 are parallel developments of the syntax 
and examples of the modal and contextual systems. 

We briefly survey technical details of how these differences manifest themselves. 

• The contextual system enriches the modal system with types in the modality. The 
increase in expressivity is exemplified in Subsection 6.2.2. 

• In the contextual system and not in the modal system, instantiation of unknowns can 
trigger an atoms-substitution (see Definition 5.11) leading to a kind of 'cascade effect'. 
This turns out to be terminating, well-behaved, and basically harmless — but this has 
to be verified, and that brings some specific technical material forward in the proofs 
for the contextual case that is not so prominent in the purely modal case (notably, 
Lemma 5.15). 

• A clear view of exactly where the extra complexity of the contextual system 'lives' in 
the denotation can be obtained by comparing the denotational semantics of □A and 
[Aᵢ]A in Figures 3 and 8. 

Related work 

□ and monads. Famously, Moggi proposed to model computation using a monad [Mog91]. 
Let us write it as ◯A.¹⁸ This type is intuitively populated by 'computations of type A'. 
The unit arrow A → ◯A takes a value of type A and returns the trivial computation that just 
returns that value. 

The difference from the comonad of this paper is that our □A is populated by closed 
syntax, and not by computation. 

If we have an element of N N then it is easy to build a computation that just returns that 
value; it is however not easy — and may be impossible — to exhibit closed syntax to represent 
this computation. 



¹⁸ Pfenning and Davies discuss this in [PD01, Section 7, page 21]. 
We could add a constant to our syntax for each of the uncountably many functions from 
natural numbers to natural numbers. This would be mathematically fine, but not particularly 
implementable. We do not assume this. 

Closed syntax is of course related to computation, and we can make this formal: given 
an element in □(N→N) we can map it to a computation, just by executing it. So intuitively 
there is an arrow □A → ◯A. In the modal logic tradition this is called axiom (D). 

In summary: we propose that the Moggi-style monads correspond to a modal ◇, whereas 
CMTT-style □ is a modal □ and corresponds to a comonadic structure. 

See also [Kob97, BdP00, AMdPR01], where the □ operator of several constructive variants 
of S4 (not equivalent to the version we presented here) is modeled as comonads. 

Brief survey of applications of □ calculi. Logic and denotation, not implementation, are the 
focus of this paper, but the '□-calculi' considered in this paper have their motivation in 
implementation and indeed they were specifically designed to address implementational 
concerns. We therefore give a brief survey of how (contextual) modal types have been useful 
in the more applied end of computer science. 

The connection of the modal □ calculus with partial evaluation and staged computation 
was noticed by Davies and Pfenning [DP01, PD01], and subsequently used as a language 
for run-time code generation by Wickline et al. [WLP98]. The contextual variant of □ as a 
basis for meta-programming and modeling of higher-order abstract syntax was proposed by 
Nanevski and Pfenning [NP05], and subsequently used to reason about optimised imple- 
mentation of higher-order unification in Twelf [PP03], which could even be scaled to depen- 
dent types [NPP08]. 

Recently, the contextual flavor of the system has been used in meta-programming appli- 
cations for reasoning and programming with higher-order abstract syntax by Pientka and 
collaborators [Pie08, PD08, FP10, CP12]. 

Relationship between the formulation with meta-variables and labeled natural deductions. The syn- 
tax of terms from Definition 2.6 does not follow instantly from the syntax of types from 
Definition 2.2; in particular, the use of a two-level syntax (also reminiscent of the two levels 
of nominal terms [UPG04]) is a design choice, not an inevitability. 

The usual way to present inference systems based on modal logic is to have a propositional 
(or variable) context where each proposition is labeled by the 'world' at which it is 
true [Sim94]. 

When S4 is considered, we take advantage of reflexivity and transitivity of the Kripke 
frame to simplify the required information to two kinds of facts: 

1. What holds at the current world, but not necessarily in all future worlds. 

2. What holds in the current world and also in all future worlds. 

By this view, the first kind of fact corresponds to atoms a, and the second kind of fact 
corresponds to unknowns X. So this can be seen as the origin of the two-level structure of 
our syntax in this paper. 

The interested reader can find the modal (non-contextual) version of our type-system 
presented using the labeled approach in a paper by Davies and Pfenning [DP01], where each 
stage of computation is indeed viewed as a world in a Kripke frame. 
CMTT and nominal terms. Nominal terms were developed in [UPG03, UPG04] and feature a 
two-level syntax, just like CMTT. That is made very clear in this paper, where the first author 
imported the nominal terms terminology of atoms and unknowns. 

The syntax of this paper is not fully nominal: the [aᵢ]r of the contextual system may look 
like a nominal abstraction, but there are no suspended permutations π·X (instead, we have 
types in the modality). One contribution of this paper is to make formal, by a denotation, 
the precise status of the two levels of variable in CMTT. 

So we can note that the abstraction for atoms is functional abstraction in CMTT whereas 
the abstraction for atoms in nominal terms is nominal atoms-abstraction;¹⁹ unknowns of 
nominal terms range over elements of nominal sets, whereas unknowns of CMTT range 
over ordinary sets functionally abstracted over finitely many arguments; the notion of equivariance 
(symmetry up to permuting atoms) characteristic of all nominal techniques is absent 
in CMTT (the closest we get is a term like exchange_{B,C} in Subsection 6.2.4); and in contrast 
the self-reflective character of CMTT is absent from nominal terms and the logics built out 
of it [Gab12]. So in spite of some structural parallels between CMTT and nominal terms in 
that both are two-level, there are also significant differences. 

As noted above, there is a parallel between CMTT and Kripke structures, that is made 
more explicit in [DP01]. A direct connection between nominal terms and Kripke semantics 
has never been made, but the first author at least has been aware of it as a possibility, where 
'future worlds' corresponds to 'more substitutions arriving'. Also as discussed above, an ob- 
vious next step is to develop a modified modal syntax which takes on board more 'nominal' 
ideas, applied to the modal intuitions which motivate the A-calculus of this paper. This is 
future work. 

The syntax of this paper, and previous work. The modal and contextual systems which we give 
semantics to in this paper, are taken from previous work. Specifically, Definition 2.6 cor- 
responds to [PD01], Definition 5.4 corresponds to [NPP08], Figure 1 corresponds to [PD01] 
and Figure 6 to [NPP08]. 

We cannot give specific definition references in the citations to [NPP08] and [PD01], be- 
cause those papers never give a specific definition of their syntax. If they did, then they 
would correspond as described. We do feel that this paper does make some contribution in 
terms of presentation, and the exposition and definitions here may be tailored to a slightly 
different community. 
¹⁹ In [GM09] we translate nominal terms to higher-order terms, and atoms-abstraction gets translated to functional 
abstraction. However, this does not mean that atoms-abstraction is a 'special case' of functional abstraction, 
any more than translating e.g. Java to machine binary means that method invocation is a special case of 
logic gates. 